Malware Analysis Report

2025-05-05 23:47

Sample ID 230208-2zfxxaad42
Target vodka.dat
SHA256 be5820fb00e7bde9eaf30e37290a0913c4c73a841ad5b5d8fb9ad33285711ef1
Tags
qakbot obama238 1675870889 banker stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

be5820fb00e7bde9eaf30e37290a0913c4c73a841ad5b5d8fb9ad33285711ef1

Threat Level: Known bad

The file vodka.dat was found to be: Known bad.

Malicious Activity Summary

qakbot obama238 1675870889 banker stealer trojan

Qakbot/Qbot

Downloads MZ/PE file

Executes dropped EXE

Drops file in Program Files directory

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Gathers network information

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Discovers systems in the same network

Runs net.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-02-08 23:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-08 23:00

Reported

2023-02-08 23:11

Platform

win7-20220812-en

Max time kernel

419s

Max time network

422s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vodka.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vodka.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vodka.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 228

Network

N/A

Files

memory/884-54-0x0000000000000000-mapping.dmp

memory/884-55-0x0000000076411000-0x0000000076413000-memory.dmp

memory/1724-56-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-08 23:00

Reported

2023-02-08 23:11

Platform

win10v2004-20221111-en

Max time kernel

600s

Max time network

596s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vodka.dll,#1

Signatures

Qakbot/Qbot

trojan banker stealer qakbot

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\ChromeRecovery.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\ChromeRecoveryCRX.crx C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\ChromeRecovery.exe C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\ChromeRecovery.exe C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\manifest.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\manifest.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\_metadata\verified_contents.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\_metadata\verified_contents.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A

Discovers systems in the same network

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\net.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netstat.exe N/A
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4246620582-653642754-1174164128-1000\{6775B61E-57A3-4E31-8D08-66B8F754357D} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Windows\SysWOW64\msra.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\netstat.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\whoami.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4860 wrote to memory of 4832 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4860 wrote to memory of 4832 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4860 wrote to memory of 4832 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 816 wrote to memory of 3620 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 816 wrote to memory of 3620 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 3620 wrote to memory of 3104 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3620 wrote to memory of 3104 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3620 wrote to memory of 3104 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3104 wrote to memory of 1492 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\wermgr.exe
PID 3104 wrote to memory of 1492 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\wermgr.exe
PID 3104 wrote to memory of 1492 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\wermgr.exe
PID 3104 wrote to memory of 4592 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\wermgr.exe
PID 3104 wrote to memory of 4592 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\wermgr.exe
PID 3104 wrote to memory of 4592 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\wermgr.exe
PID 3104 wrote to memory of 4592 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\wermgr.exe
PID 3104 wrote to memory of 4592 N/A C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\wermgr.exe
PID 5104 wrote to memory of 2192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 2192 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 3204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 4112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 4112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5104 wrote to memory of 2828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vodka.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vodka.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4832 -ip 4832

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 620

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\rundll32.exe

rundll32.exe vodka.dll,Wind

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe vodka.dll,Wind

C:\Windows\SysWOW64\wermgr.exe

C:\Windows\SysWOW64\wermgr.exe

C:\Windows\SysWOW64\wermgr.exe

C:\Windows\SysWOW64\wermgr.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4592 -ip 4592

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 352

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f394f50,0x7ffb7f394f60,0x7ffb7f394f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2016 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2300 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4784 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8

C:\Windows\SysWOW64\msra.exe

C:\Windows\SysWOW64\msra.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5688 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5780 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5096 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5520 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x33c 0x3e0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5216 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2988 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5796 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5952 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5964 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\ChromeRecovery.exe

"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={f1a461c1-2eb0-4159-9a3d-6d25cd543e5f} --system

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5948 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6076 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6068 /prefetch:8

C:\Windows\SysWOW64\net.exe

net view

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,367076897628458269,15999507094893231897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

cmd /c set

C:\Windows\SysWOW64\arp.exe

arp -a

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /all

C:\Windows\SysWOW64\nslookup.exe

nslookup -querytype=ALL -timeout=12 _ldap._tcp.dc._msdcs.WORKGROUP

C:\Windows\SysWOW64\net.exe

net share

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 share

C:\Windows\SysWOW64\route.exe

route print

C:\Windows\SysWOW64\netstat.exe

netstat -nao

C:\Windows\SysWOW64\net.exe

net localgroup

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 localgroup

C:\Windows\SysWOW64\whoami.exe

whoami /all

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Network

Country Destination Domain Proto
IE 20.190.159.4:443 tcp
US 13.107.21.200:443 tcp
US 13.107.21.200:443 tcp
US 13.107.21.200:443 tcp
US 13.107.21.200:443 tcp
US 8.8.8.8:53 s-ring.msedge.net udp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 13.107.21.200:443 www.bing.com tcp
IE 20.190.159.75:443 tcp
N/A 224.0.0.251:5353 udp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 52.152.108.96:443 tcp
NL 172.217.168.238:443 clients2.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.208.110:443 apis.google.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
NL 88.221.25.154:80 tcp
NL 88.221.25.154:80 tcp
NL 142.250.179.163:443 update.googleapis.com tcp
NL 104.80.225.205:443 tcp
NL 142.251.36.14:443 tcp
NL 142.251.36.14:443 tcp
NL 142.251.36.14:443 tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.1:443 lh5.googleusercontent.com tcp
NL 142.251.36.1:443 clients2.googleusercontent.com tcp
GB 216.58.208.99:443 ssl.gstatic.com tcp
IE 20.50.73.9:443 tcp
US 8.248.7.254:80 tcp
US 8.248.7.254:80 tcp
US 8.248.7.254:80 tcp
NL 142.251.36.54:443 tcp
NL 142.251.36.54:443 i.ytimg.com tcp
NL 142.251.36.54:443 tcp
NL 142.251.36.54:443 tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 164.2.77.40.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com tcp
NL 74.125.8.71:443 rr2---sn-5hneknee.googlevideo.com tcp
NL 74.125.8.71:443 rr2---sn-5hneknee.googlevideo.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 rr2---sn-5hnekn7k.googlevideo.com udp
NL 209.85.226.71:443 rr2---sn-5hnekn7k.googlevideo.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 rr3---sn-5hneknek.googlevideo.com udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 74.125.8.136:443 rr3---sn-5hneknek.googlevideo.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 rr1---sn-aigzrnld.googlevideo.com udp
US 8.8.8.8:53 rr1---sn-aigzrn7d.googlevideo.com udp
GB 74.125.97.70:443 rr1---sn-aigzrnld.googlevideo.com udp
GB 173.194.138.198:443 rr1---sn-aigzrn7d.googlevideo.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 i2.ytimg.com udp
NL 142.250.179.174:443 i2.ytimg.com tcp
US 8.8.8.8:53 yt3.googleusercontent.com udp
NL 142.250.179.161:443 yt3.googleusercontent.com tcp
US 8.8.8.8:53 youtube.com udp
NL 142.250.179.142:443 youtube.com tcp
US 8.8.8.8:53 rr3---sn-5hnednss.googlevideo.com udp
NL 172.217.132.200:443 rr3---sn-5hnednss.googlevideo.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
NL 142.251.36.34:443 ade.googlesyndication.com tcp
NL 142.251.36.34:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 i9.ytimg.com udp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
US 67.27.153.254:80 tcp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 172.217.168.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 8.238.20.126:80 tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.32.117:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
NL 142.250.179.170:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 216.58.208.99:443 beacons.gvt2.com tcp
US 8.8.8.8:53 rr2---sn-5hne6nzd.googlevideo.com udp
NL 74.125.100.231:443 rr2---sn-5hne6nzd.googlevideo.com udp
NL 209.85.226.71:443 rr2---sn-5hnekn7k.googlevideo.com udp
US 8.8.8.8:53 i1.ytimg.com udp
NL 216.58.214.14:443 i1.ytimg.com tcp
US 8.8.8.8:53 rr4---sn-5hne6n6l.googlevideo.com udp
NL 74.125.8.169:443 rr4---sn-5hne6n6l.googlevideo.com udp
US 8.8.8.8:53 microsoft.com udp
US 20.112.52.29:443 microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 173.223.113.131:443 www.microsoft.com tcp
PL 83.7.54.170:443 tcp
PL 83.7.54.170:443 tcp
PL 83.7.54.170:443 tcp
US 8.8.8.8:53 rr2---sn-5hne6nz6.googlevideo.com udp
NL 74.125.100.199:443 rr2---sn-5hne6nz6.googlevideo.com udp
PL 83.7.54.170:443 tcp
CA 70.51.132.216:2222 tcp
CA 70.51.132.216:2222 tcp
CA 70.51.132.216:2222 tcp
CA 70.51.132.216:2222 tcp
US 72.194.232.94:443 72.194.232.94 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 _ldap._tcp.dc._msdcs.WORKGROUP udp
US 8.8.8.8:53 _ldap._tcp.dc._msdcs.WORKGROUP udp
US 8.8.8.8:53 evcs-ocsp.ws.symantec.com udp
GB 23.43.75.27:80 evcs-ocsp.ws.symantec.com tcp
US 72.194.232.94:443 72.194.232.94 tcp
US 72.194.232.94:443 72.194.232.94 tcp
US 8.8.8.8:53 linkedin.com udp
US 13.107.42.14:443 linkedin.com tcp
US 8.8.8.8:53 www.linkedin.com udp
US 13.107.42.14:443 www.linkedin.com tcp
US 72.194.232.94:443 72.194.232.94 tcp

Files

memory/4832-132-0x0000000000000000-mapping.dmp

memory/3620-133-0x0000000000000000-mapping.dmp

memory/3104-134-0x0000000000000000-mapping.dmp

memory/3104-135-0x0000000010000000-0x0000000010023000-memory.dmp

memory/3104-140-0x0000000002C70000-0x0000000002C73000-memory.dmp

memory/4592-141-0x0000000000000000-mapping.dmp

\??\pipe\crashpad_5104_RDIOEEXTOIDJKRAZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4792-143-0x0000000000000000-mapping.dmp

memory/4792-144-0x0000000000AD0000-0x0000000000AF3000-memory.dmp

memory/4792-145-0x0000000000AD0000-0x0000000000AF3000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3

MD5 ea1c1ffd3ea54d1fb117bfdbb3569c60
SHA1 10958b0f690ae8f5240e1528b1ccffff28a33272
SHA256 7c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d
SHA512 6c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf

memory/1508-148-0x0000000000000000-mapping.dmp

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2908_1384752214\ChromeRecovery.exe

MD5 49ac3c96d270702a27b4895e4ce1f42a
SHA1 55b90405f1e1b72143c64113e8bc65608dd3fd76
SHA256 82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f
SHA512 b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

memory/3652-150-0x0000000000000000-mapping.dmp

memory/4860-151-0x0000000000000000-mapping.dmp

memory/1636-152-0x0000000000000000-mapping.dmp

memory/4760-153-0x0000000000000000-mapping.dmp

memory/4224-154-0x0000000000000000-mapping.dmp

memory/5244-155-0x0000000000000000-mapping.dmp

memory/3952-156-0x0000000000000000-mapping.dmp

memory/5428-157-0x0000000000000000-mapping.dmp

memory/5140-158-0x0000000000000000-mapping.dmp

memory/4500-159-0x0000000000000000-mapping.dmp

memory/2780-160-0x0000000000000000-mapping.dmp

memory/4212-161-0x0000000000000000-mapping.dmp