Malware Analysis Report

2025-03-15 03:55

Sample ID: 230705-p8bnbscd83
Target: iexpioreexe.exe
SHA256: f10495057c282936b7d00e5bed9c2eb0efdcef1e23ef60ec6be4566fb2626be3
Tags: fatalrat infostealer persistence rat
Score: 10/10

Analysis Overview

Score: 10/10
SHA256: f10495057c282936b7d00e5bed9c2eb0efdcef1e23ef60ec6be4566fb2626be3
Threat Level: Known bad

The file iexpioreexe.exe was found to be: Known bad.

Malicious Activity Summary

Tags: fatalrat infostealer persistence rat

FatalRat
Fatal Rat payload
Executes dropped EXE
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Checks processor information in registry
Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-07-05 12:59

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-07-05 12:59
Reported: 2023-07-05 13:02
Platform: win10v2004-20230621-en
Max time kernel: 147s
Max time network: 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\iexpioreexe.exe"

Signatures

FatalRat

Tags: infostealer rat fatalrat

Fatal Rat payload

Tags: rat infostealer

Description | Indicator | Process | Target | Count
N/A | N/A | N/A | N/A | 3

Executes dropped EXE

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Windows\Jklmno.exe | N/A | 2
N/A | N/A | C:\Users\Admin\Desktop\iexpioreexe.exe | N/A | 1

Adds Run key to start application

Tags: persistence

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Jklmno.exe | C:\Users\Admin\AppData\Local\Temp\iexpioreexe.exe | N/A
File opened for modification | C:\Windows\Jklmno.exe | C:\Users\Admin\AppData\Local\Temp\iexpioreexe.exe | N/A
File opened for modification | C:\Windows\Jklmno.exe | C:\Windows\Jklmno.exe | N/A
File created | C:\Windows\Jklmno.exe | C:\Windows\Jklmno.exe | N/A

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Jklmno.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Jklmno.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\Jklmno Qrstuvwx | C:\Windows\Jklmno.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SYSTEM | C:\Windows\Jklmno.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Jklmno Qrstuvwx | C:\Windows\Jklmno.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Jklmno Qrstuvwx\Group = "Fatal" | C:\Windows\Jklmno.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\Jklmno.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\Jklmno.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\System\CurrentControlSet | C:\Windows\Jklmno.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services | C:\Windows\Jklmno.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133330356949321553" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Jklmno Qrstuvwx\InstallTime = "2023-07-05 13:00" | C:\Windows\Jklmno.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\Jklmno.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum | C:\Windows\Jklmno.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\Version = "7" | C:\Windows\Jklmno.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\iexpioreexe.exe | N/A | 2
N/A | N/A | C:\Windows\Jklmno.exe | N/A | 62

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Count
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\iexpioreexe.exe | N/A | 1
Token: SeDebugPrivilege | N/A | C:\Windows\Jklmno.exe | N/A | 2
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A | 1
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A | 1
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A | 1
Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A | 1
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A | 1
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 28
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 28

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A | 56
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 8

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A | 56
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 8

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 3484 wrote to memory of 2508 | N/A | C:\Windows\Jklmno.exe | C:\Windows\Jklmno.exe | 3
PID 4928 wrote to memory of 928 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 4928 wrote to memory of 1248 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 38
PID 4928 wrote to memory of 828 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 4928 wrote to memory of 4384 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 19

Processes

C:\Users\Admin\AppData\Local\Temp\iexpioreexe.exe

"C:\Users\Admin\AppData\Local\Temp\iexpioreexe.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\Jklmno.exe

C:\Windows\Jklmno.exe

C:\Windows\Jklmno.exe

C:\Windows\Jklmno.exe Win7

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8d7669758,0x7ff8d7669768,0x7ff8d7669778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3244 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3260 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5312 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3276 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1840,i,3171548708790829248,8478722570639528091,131072 /prefetch:8

C:\Users\Admin\Desktop\iexpioreexe.exe

"C:\Users\Admin\Desktop\iexpioreexe.exe"

Network

Country  Destination          Domain                           Proto
US       8.8.8.8:53           208.194.73.20.in-addr.arpa       udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa      udp
US       8.8.8.8:53           64.159.190.20.in-addr.arpa       udp
US       8.8.8.8:53           assets.msn.com                   udp
DE       2.23.209.51:443      assets.msn.com                   tcp
US       8.8.8.8:53           51.209.23.2.in-addr.arpa         udp
CN       120.79.43.38:8085    N/A                              tcp
US       8.8.8.8:53           38.43.79.120.in-addr.arpa        udp
US       8.8.8.8:53           216.74.101.95.in-addr.arpa       udp
DE       23.218.209.198:443   N/A                              tcp
US       8.8.8.8:53           64.13.109.52.in-addr.arpa        udp
US       93.184.221.240:80    N/A                              tcp
US       8.8.8.8:53           250.255.255.239.in-addr.arpa     udp
US       8.8.8.8:53           234.168.217.172.in-addr.arpa     udp
US       8.8.8.8:53           195.179.250.142.in-addr.arpa     udp
US       8.8.8.8:53           196.168.217.172.in-addr.arpa     udp
US       8.8.8.8:53           clients2.google.com              udp
NL       142.251.36.46:443    clients2.google.com              udp
N/A      224.0.0.251:5353     N/A                              udp
US       8.8.8.8:53           46.36.251.142.in-addr.arpa       udp
US       8.8.8.8:53           virustotal.com                   udp
US       216.239.38.21:443    virustotal.com                   tcp
US       216.239.38.21:443    virustotal.com                   tcp
US       8.8.8.8:53           www.virustotal.com               udp
US       74.125.34.46:443     www.virustotal.com               tcp
US       8.8.8.8:53           www.recaptcha.net                udp
NL       142.250.179.163:443  www.recaptcha.net                tcp
US       8.8.8.8:53           21.38.239.216.in-addr.arpa       udp
US       8.8.8.8:53           46.34.125.74.in-addr.arpa        udp
US       8.8.8.8:53           8.36.251.142.in-addr.arpa        udp
US       8.8.8.8:53           163.179.250.142.in-addr.arpa     udp
US       8.8.8.8:53           recaptcha.net                    udp
NL       142.251.39.99:443    recaptcha.net                    tcp
NL       142.251.39.99:443    recaptcha.net                    udp
US       8.8.8.8:53           content-autofill.googleapis.com  udp
US       8.8.8.8:53           206.23.217.172.in-addr.arpa      udp
US       8.8.8.8:53           99.39.251.142.in-addr.arpa       udp
US       74.125.34.46:443     www.virustotal.com               tcp
US       8.8.8.8:53           131.179.250.142.in-addr.arpa     udp

Files

memory/4920-133-0x0000000010000000-0x000000001001C000-memory.dmp

C:\Windows\Jklmno.exe

MD5 667aca3b0011aebd3ac1eb04a929e79b
SHA1 7489d2101aaa8057fdfe8c22cca54df999f9bd7b
SHA256 f10495057c282936b7d00e5bed9c2eb0efdcef1e23ef60ec6be4566fb2626be3
SHA512 ddd335b9af141352409b1a94ca0020a581ba19b5cfa3edb9daad0805ce51d8a4d12ce6f5a4e0742db9cab7f92ae67f83b3a51f88dc018821aa0f8edf5e636b45

C:\Windows\Jklmno.exe

MD5 667aca3b0011aebd3ac1eb04a929e79b
SHA1 7489d2101aaa8057fdfe8c22cca54df999f9bd7b
SHA256 f10495057c282936b7d00e5bed9c2eb0efdcef1e23ef60ec6be4566fb2626be3
SHA512 ddd335b9af141352409b1a94ca0020a581ba19b5cfa3edb9daad0805ce51d8a4d12ce6f5a4e0742db9cab7f92ae67f83b3a51f88dc018821aa0f8edf5e636b45

memory/3484-141-0x0000000010000000-0x000000001001C000-memory.dmp

C:\Windows\Jklmno.exe

MD5 667aca3b0011aebd3ac1eb04a929e79b
SHA1 7489d2101aaa8057fdfe8c22cca54df999f9bd7b
SHA256 f10495057c282936b7d00e5bed9c2eb0efdcef1e23ef60ec6be4566fb2626be3
SHA512 ddd335b9af141352409b1a94ca0020a581ba19b5cfa3edb9daad0805ce51d8a4d12ce6f5a4e0742db9cab7f92ae67f83b3a51f88dc018821aa0f8edf5e636b45

memory/4484-152-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-153-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-154-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-158-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-159-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-160-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-161-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-162-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-163-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

memory/4484-164-0x000002C4B18A0000-0x000002C4B18A1000-memory.dmp

\??\pipe\crashpad_4928_ZAYOWFDDMQXARBGC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a01f17b1a8d97a4289677881d72d33d4
SHA1 1902b7b3d2077f71b1b243054b9de56fdaec7d07
SHA256 c3d21fc2176658f985c3367322b256d1a2a6aca7eed948f5fa612f6ae022b134
SHA512 51ba459ae194d7055a84100e83cdf572e73c596c81732b3eab0f9312c4e0f318daa2d9f676803b80166db72c15af6d835dd1080d8982a3214e2d05c9763aa4a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71d4617921510f0749876064e583b7b2
SHA1 15c782618cfc89977a059636a7b87888000e735e
SHA256 1efb2ac934b561fe87cecb317b4b9314d74e6d8281d2d8e7d0f6053df28da99c
SHA512 f612d41984f77ad0e69667c2ec9c05a7b029df7b71ef0bb0896627d3eeb33dd70c8e5058a3ce2fd8a59ca48df4b826e0ecefe863fc52cb7c220c311e9cfcac16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 79e01737d15712ef3d58daf6be0a3ea9
SHA1 d51f4e450452e9d9e858f8ef34f1f9a19ee32f47
SHA256 ee9ddceb1a0998ad02635ea4b74e8ee15e8028458757dc307f5ac2c95707788e
SHA512 68a2d0913377c395369957de4c806cc78af46d46bdec5446d6cadc4845456f0b08cba6468859ce2b1bc0ba48bcc5c4989e9dd0fadbde094214869eeb97c72b11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c5a6822a8ae473f99a2692aae8d6fa4d
SHA1 816ca929d54eca34f28d92cb045a791665e52005
SHA256 dd61eb6dcf0e12cced5150fd12e598017380b4d3a56b074bc2a117d3e3541521
SHA512 d43136a36f849dbcdd2e72a6d276d0276c21bcfefaec76d45c6e5b0d4f6e29d7fa07ed3d0d9bd2e8655b228536985e3dd723276b8ed5cbb60f0a82f2943e1898

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 7a88e1edbba1ad7bd345eb14f1377a59
SHA1 b299cf2eacc2d17d1f2fbda9391079b6f05fb022
SHA256 3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c
SHA512 48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59e235a8c837b81b12624ff857c05cc2
SHA1 eea024b70dba8d6e361eb79e0902e3c7b00a1d4b
SHA256 152cb2565df03d34d6cad26604b9978b0eeb8b96a73eb54ffb7b82cd44211d2b
SHA512 e52117f78d0c695fe390b7856e22bbc73a8f815400a26d5ce608891ce51159f1c18b91ec5ed5fe12fb9708190403a98f9e2eb8d84a7a62a935288f337adf6911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3b7a4028ade581af433bd8aa78c89f23
SHA1 c45a46d90ccdf8b5e32a0cccd5c73a2426b8afef
SHA256 75defa0d5e76fac662917cd4cd58a5e2c42252122bb77ebf2e65390da53479b6
SHA512 e6207ae5e3283093464a05bcc57d2de80d3186d9dc9b797660dd271e6c877d940e6777a56fca6146c76f333884e887b80e1e4ec1a91e18d2b8bc15bfe92e40f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 39725846016528abf1e5e2a70c729500
SHA1 0aaf4aad18a4a2d03fa7ff625997c4458299ffb9
SHA256 83986a5ff74eade3d580f10ebf8a267426493ecdcc1c0324502084bfdfa9643a
SHA512 39019c568c0bcf1f63f6d4a650f41f6222dfc826a6ceb13f9fa04f833a8d9400273b8e50a50027352601f78403923e23d95ab93752a256eb0c271f56da013bb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587d68.TMP

MD5 2cfbda3f95852e999679974ed29d976d
SHA1 8fa49d42ec18b740e41001352d4c5c67799a8b82
SHA256 ae2d2bda6e9c65b87ce7e03d2298542f173b72c07d476d9ef88e9a5e72d8c94a
SHA512 f38f5c98d7232bff6b6430b86d1878d748c3596f76675473c5d6abbf098e90e9c01f5320d1fce73690aac0a63e959bdce421171789884011f609b9edc6be6a7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 d6c096c975396af99e5e738e33188024
SHA1 51e974a36e3ffb129e3c59a780800fa096daa87f
SHA256 5a0071c9783074335c5f0b70d556e22d3ce7f224ac98812f722cd581e4505962
SHA512 2817a698aa8d82aa228748b393959f3b2a0e8e5589bd6cf0dcd51f2d37b6de81fa24c3ff4897f6210470dde10a3db2b11de593cbce00e228e3d9b994c521e5b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ee2215933a363fd3cf9e8525c3c66950
SHA1 614b94b02e1571d205a86eed921608b34a3e0430
SHA256 49491efd26c2555267920faf76519a1ea73cfa7f0dd6d4213cbbd7e9706bc3a2
SHA512 230b6065fd65d745bc53913521dcceb5db57da4931bc972e61252568084992ff9b4e043f87af59ff03a723254ce93de3b40f81999935d9d66aa341c3c640ae4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5898c0.TMP

MD5 86fd299b8b9334f396c47563b15d738d
SHA1 f5c43cbab22fa34ca112edb9b8c63cbbde59a7f7
SHA256 48e22298fafcfd5fe213581d7ab738f02cb616601d6247cb491f10bd96b1bb1d
SHA512 361f4d11ad4ba605b3830e9b45e864b0d73e4737778129d9fd15ac9357a8f577dddd3a5bf3350ac273382e98d1c69106705751c1913b90158fb9be186d33da10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 64f231ce4b7fcc6ad44503246cf464f9
SHA1 f92a87d936e74c3125199190de6b02422320268c
SHA256 e0237da7375ec953cdd61e8b2c4886e01811da8f391e3deaf6b94139593935ee
SHA512 3887a3ef5ea09f692f89804ad6616a5c06455da1579606f476815585ea5095b5e642e461b54ed9307d798eafe4801b20bffa6dccce5e41a16c9638f0434fb3ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f457eaff21368a59b62c6d90303a49e3
SHA1 63570778cb2deb8fde115484ef07cff6359621f6
SHA256 8dbe83c50535dba88c3bde0de4458716533cef4a11539e913ec5fad79d80b83a
SHA512 ceb1c9ce49e1f971f35678c552ee48c1a1afbad93f5934fbbba8e901ca872647f2e84580083749a69a5e7dc52a24b9f52e1a58606531327e179636e733127df3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 05b629e808166c5d2b2c2da4485de324
SHA1 088773de02a9eea38a27a08de7fde30480b41b33
SHA256 4fea7d675891f2792ef57b3c9d1a6349f5ee3353380eec2fb3da21b515d1fcfd
SHA512 72b6278c2798bbcfd4d9a22bfa575b4de74c41c846d638e0abe7e6943138946e6fd166062562e163e122f8fd4adecb7a645dfc0edbdc9c71cc5cbe68500124c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 20f5bf641325ecd947b8ea07142a5276
SHA1 ae09ef98a72fcbfa384ba3c524f1205c77afc425
SHA256 02a6e8d6c34c6f3482c38a0efc2e95980ba9cb78039e9a546c335e9d95f01606
SHA512 69bffab4338b13590714fca80c995a13ca4914cbe62cf34b6f7552556fdd1018890e780903d6c65062250645dc6c8e7278867d16a4520c3756027f98e777ab1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 c93d341639050b686a4126ce96ca106d
SHA1 d7e4ec8bed4a8a71e1b2e4e7fe1051a6ccdcde46
SHA256 1db534295a8f571b7516221cd2d341e3689c55f12aa72e91f050fce7263102e3
SHA512 981b5eac39b9aca0625d94f57bfd02d29efb8fd1ab0a7ad890586e14c63a77e2fc66c087698bca1beb994a4b0b3d82ede10dc84f29e6da60ddc898d0419533bb

C:\Users\Admin\Desktop\iexpioreexe.exe

MD5 667aca3b0011aebd3ac1eb04a929e79b
SHA1 7489d2101aaa8057fdfe8c22cca54df999f9bd7b
SHA256 f10495057c282936b7d00e5bed9c2eb0efdcef1e23ef60ec6be4566fb2626be3
SHA512 ddd335b9af141352409b1a94ca0020a581ba19b5cfa3edb9daad0805ce51d8a4d12ce6f5a4e0742db9cab7f92ae67f83b3a51f88dc018821aa0f8edf5e636b45

memory/4992-476-0x0000000010000000-0x000000001001C000-memory.dmp