Malware Analysis Report

2025-01-02 06:12

Sample ID 230123-rsz24afc2x
Target 3ce490e0eea1aa00c65f6caac36f2306.bin
SHA256 11ee256ecfb1af5bbf60d7ca2dbf94067dc8bd5e3f864e5da7f21fc52e942797
Tags
socelars spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

11ee256ecfb1af5bbf60d7ca2dbf94067dc8bd5e3f864e5da7f21fc52e942797

Threat Level: Known bad

The file 3ce490e0eea1aa00c65f6caac36f2306.bin was found to be: Known bad.

Malicious Activity Summary

socelars spyware stealer

Socelars payload

Socelars family

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies system certificate store

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-01-23 14:28

Signatures

Socelars family

socelars

Socelars payload

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-23 14:28

Reported

2023-01-23 14:30

Platform

win7-20221111-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File opened for modification C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1160 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Windows\SysWOW64\cmd.exe
PID 1160 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Windows\SysWOW64\cmd.exe
PID 1160 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Windows\SysWOW64\cmd.exe
PID 1160 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Windows\SysWOW64\cmd.exe
PID 1120 wrote to memory of 1488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1120 wrote to memory of 1488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1120 wrote to memory of 1488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1120 wrote to memory of 1488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 1160 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1160 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1160 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1160 wrote to memory of 2016 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 1196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2016 wrote to memory of 616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe

"C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefa994f50,0x7fefa994f60,0x7fefa994f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1120 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1248 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3760 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3268 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4120 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,6936580208169408196,7412012822138703443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4168 /prefetch:8

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 www.icodeps.com udp
N/A 149.28.253.196:443 www.icodeps.com tcp
N/A 8.8.8.8:53 ocsp.trust-provider.cn udp
N/A 47.246.48.208:80 ocsp.trust-provider.cn tcp
N/A 8.8.8.8:53 iplogger.org udp
N/A 148.251.234.83:443 iplogger.org tcp
N/A 148.251.234.83:443 iplogger.org tcp
N/A 148.251.234.83:443 iplogger.org tcp
N/A 148.251.234.83:443 iplogger.org tcp
N/A 8.8.8.8:53 clients2.google.com udp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 172.217.168.238:443 clients2.google.com tcp
N/A 142.251.36.45:443 accounts.google.com tcp
N/A 8.8.8.8:53 hyhjuer.s3.eu-west-3.amazonaws.com udp
N/A 52.95.156.56:443 hyhjuer.s3.eu-west-3.amazonaws.com tcp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 8.8.8.8:53 m.facebook.com udp
N/A 157.240.247.35:443 m.facebook.com tcp
N/A 8.8.8.8:53 secure.facebook.com udp
N/A 179.60.193.11:443 secure.facebook.com tcp
N/A 8.8.8.8:53 www.gooeg.com udp
N/A 188.114.96.0:80 www.gooeg.com tcp
N/A 8.8.8.8:53 www.facebook.com udp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google udp
N/A 216.58.208.110:443 apis.google.com tcp
N/A 216.58.208.99:443 ssl.gstatic.com tcp
N/A 224.0.0.251:5353 udp
N/A 8.8.8.8:443 dns.google udp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:53 safebrowsing.googleapis.com udp
N/A 142.250.179.170:443 safebrowsing.googleapis.com tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.163:443 update.googleapis.com tcp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 8.8.8.8:443 dns.google udp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.170:443 safebrowsing.googleapis.com udp
N/A 8.8.8.8:53 www.listfcbt.top udp
N/A 8.8.8.8:53 www.typefdq.xyz udp
N/A 8.8.8.8:53 www.rqckdpt.top udp

Files

memory/1160-54-0x00000000757E1000-0x00000000757E3000-memory.dmp

memory/1120-55-0x0000000000000000-mapping.dmp

memory/1488-56-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 cc0f23dd1d77584310a5e3971061950b
SHA1 bb214d145882383e23c18c21383d0207e864fa32
SHA256 3e1a8ef6b0b45720a440669d8613f8d36cd40420a737e339077f90e1507da50e
SHA512 c7170452c6369cdc349a56096c3eb8fbc2a190e734833452865d41d5d446190f37ad89976145fe203847ddb13f324e6b3d98e5ad82b6c6f44b42a0c6f304838c

\??\pipe\crashpad_2016_XLBHHBJWRZZTJECI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json

MD5 05bfb082915ee2b59a7f32fa3cc79432
SHA1 c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png

MD5 362695f3dd9c02c83039898198484188
SHA1 85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512 a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js

MD5 e4f23ca32cacfb4de268eb194cc21143
SHA1 8d747bec1f49e0de55efefe79765870ea5b1b27c
SHA256 1fa3f358c7877cd49011adc35d8ac163b3b7dfa5703ac840ae01777c379cb71c
SHA512 ecc4c7da2b69b9badec1fb378ad1d8773142d2fa6377ff0ab2d825568a950205cfb48752c84479863eedf3f362b84aecc9bc6c542eb8fb26f136b8df364162ca

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js

MD5 a09e13ee94d51c524b7e2a728c7d4039
SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html

MD5 9ffe618d587a0685d80e9f8bb7d89d39
SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js

MD5 0f26002ee3b4b4440e5949a969ea7503
SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js

MD5 23231681d1c6f85fa32e725d6d63b19b
SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js

MD5 4ff108e4584780dce15d610c142c3e62
SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js

MD5 06611c9e91344f9d0018ccdb2fc4ad65
SHA1 5d68cecdbbff6ab6d38948f1b90c7dd5a7ff665c
SHA256 0e4f99a12d97efced42d7ab49bfa36c4a99bf0c38bb531c74456424d541c02bd
SHA512 7b1af6189e1f61f29fad4976f9db1f06a015dfb4898c76dddbc0e2e1b4a026f0aacf329c7f653236a8d41acebd0c860cd6ee5d002d4a3542df05f3c49fb79936

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 564c0803e754c1e347ee6de8d09f2b9c
SHA1 c7f2d2dba25f0f517f2923dea697e3763066bc0b
SHA256 da9deb07d4e1424ee07b49f887975c0db5e87c5b917379439f6ee925edd953c1
SHA512 29c2f40c364a0f9a4d448d9835d923b8bb26288b0da3b446bade5925da82a79ec3613b3ce2f47d44b7b5baa6a10b482fb783772c4a7a9546e5e78b5050b73e4a

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-23 14:28

Reported

2023-01-23 14:30

Platform

win10v2004-20221111-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File opened for modification C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
File created C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 31 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 32 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4888 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Windows\SysWOW64\cmd.exe
PID 4888 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Windows\SysWOW64\cmd.exe
PID 4888 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Windows\SysWOW64\cmd.exe
PID 4024 wrote to memory of 1344 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 4024 wrote to memory of 1344 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 4024 wrote to memory of 1344 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 4888 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4888 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 3068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 3068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1788 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe

"C:\Users\Admin\AppData\Local\Temp\9985c317d0211f5c1a6c2bd1598acf3c9b2582606ce0788e21317a425b175410.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x100,0x104,0x108,0xd8,0xdc,0x7ffdfc874f50,0x7ffdfc874f60,0x7ffdfc874f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2008 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4720 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5052 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1616,6049981975022511176,7784042493520447504,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=212 /prefetch:2

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 www.icodeps.com udp
N/A 149.28.253.196:443 www.icodeps.com tcp
N/A 8.8.8.8:53 ocsp.trust-provider.cn udp
N/A 47.246.48.208:80 ocsp.trust-provider.cn tcp
N/A 8.8.8.8:53 iplogger.org udp
N/A 148.251.234.83:443 iplogger.org tcp
N/A 224.0.0.251:5353 udp
N/A 8.8.8.8:53 hyhjuer.s3.eu-west-3.amazonaws.com udp
N/A 8.8.8.8:53 m.facebook.com udp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 8.8.8.8:53 clients2.google.com udp
N/A 142.251.36.45:443 accounts.google.com tcp
N/A 3.5.224.140:443 hyhjuer.s3.eu-west-3.amazonaws.com tcp
N/A 172.217.168.238:443 clients2.google.com tcp
N/A 179.60.193.35:443 m.facebook.com tcp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 8.8.8.8:53 www.gooeg.com udp
N/A 188.114.96.0:80 www.gooeg.com tcp
N/A 8.8.8.8:53 secure.facebook.com udp
N/A 179.60.193.11:443 secure.facebook.com tcp
N/A 8.8.8.8:53 apis.google.com udp
N/A 216.58.208.110:443 apis.google.com tcp
N/A 8.8.8.8:53 www.facebook.com udp
N/A 157.240.247.35:443 www.facebook.com tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.4.4:443 dns.google tcp
N/A 8.8.4.4:443 dns.google tcp
N/A 8.8.4.4:443 dns.google tcp
N/A 8.8.4.4:443 dns.google udp
N/A 216.58.208.99:443 ssl.gstatic.com tcp
N/A 72.21.81.240:80 tcp
N/A 104.80.225.205:443 tcp
N/A 8.8.4.4:443 dns.google udp
N/A 142.250.179.163:443 update.googleapis.com tcp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 142.250.179.163:443 udp
N/A 8.8.4.4:443 dns.google udp
N/A 8.8.8.8:53 www.listfcbt.top udp
N/A 142.250.179.227:443 beacons.gcp.gvt2.com tcp
N/A 8.8.8.8:53 www.typefdq.xyz udp
N/A 8.8.8.8:53 www.rqckdpt.top udp

Files

memory/4024-132-0x0000000000000000-mapping.dmp

memory/1344-133-0x0000000000000000-mapping.dmp

\??\pipe\crashpad_1788_DRAFJKZREBTMNOMK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 788aa159bfd9b5c396d6798ed1717d10
SHA1 0583dc1dc3902022466a58005ea4c5918e612e03
SHA256 e8f0d94881281aea17a7ffbe7e17e48358fb325428bf7268252ab297728938de
SHA512 4498a7eff65b1e7f5d6b616f3cde60133498a26b96b7521b2505dd508c89b0b532b879b9f7d293f983da7fe3604be5792e942bf5237ca4a072419e462ffbf7d1

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js

MD5 e4f23ca32cacfb4de268eb194cc21143
SHA1 8d747bec1f49e0de55efefe79765870ea5b1b27c
SHA256 1fa3f358c7877cd49011adc35d8ac163b3b7dfa5703ac840ae01777c379cb71c
SHA512 ecc4c7da2b69b9badec1fb378ad1d8773142d2fa6377ff0ab2d825568a950205cfb48752c84479863eedf3f362b84aecc9bc6c542eb8fb26f136b8df364162ca

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js

MD5 a09e13ee94d51c524b7e2a728c7d4039
SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png

MD5 362695f3dd9c02c83039898198484188
SHA1 85dcacc66a106feca7a94a42fc43e08c806a0322
SHA256 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
SHA512 a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json

MD5 05bfb082915ee2b59a7f32fa3cc79432
SHA1 c1acd799ae271bcdde50f30082d25af31c1208c3
SHA256 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
SHA512 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html

MD5 9ffe618d587a0685d80e9f8bb7d89d39
SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js

MD5 c4f21f5bb4cab8e25d81cfd723a3f668
SHA1 700777357e1e9b98fad63b481f9e8171fb3289af
SHA256 d5935fcdd94aafe7d7d1e064f2435369e166be66b09e8438a495ad57feee7feb
SHA512 9546e91ac0308a7a5b15fed1481f571caf0b0b8a5dc8bca240b00e25e666f4e37b354338f388b7ac9090eeb851453f19efe5da9b278189c11e1b38b5be72e455

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js

MD5 23231681d1c6f85fa32e725d6d63b19b
SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js

MD5 4ff108e4584780dce15d610c142c3e62
SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js

MD5 0f26002ee3b4b4440e5949a969ea7503
SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e