Malware Analysis Report

2025-01-22 14:18

Sample ID 240224-ptscjace31
Target Celesty.zip
SHA256 e2098968949c37b9ccdfe772dd68325316720840fc6c9e7b014fbf2ba51c7425
Tags
warzonerat infostealer persistence rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e2098968949c37b9ccdfe772dd68325316720840fc6c9e7b014fbf2ba51c7425

Threat Level: Known bad

The file Celesty.zip was found to be: Known bad.

Malicious Activity Summary

warzonerat infostealer persistence rat

Warzonerat family

Warzone RAT payload

WarzoneRat, AveMaria

Warzone RAT payload

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Unsigned PE

Modifies data under HKEY_USERS

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-24 12:37

Signatures

Warzone RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Warzonerat family

warzonerat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-24 12:37

Reported

2024-02-24 12:39

Platform

win7-20240221-en

Max time kernel

43s

Max time network

28s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe"

Signatures

WarzoneRat, AveMaria

rat infostealer warzonerat

Warzone RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\WinDefend.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Defender SmartScreen = "C:\\ProgramData\\WinDefend.exe" C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe

"C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe"

C:\ProgramData\WinDefend.exe

"C:\ProgramData\WinDefend.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 su8z3r0.myvnc.com udp

Files

\ProgramData\WinDefend.exe

MD5 48b8111a615d7c128bdbee812e202485
SHA1 18609579af28054974db5bb2ce48e931f662eb91
SHA256 7e6770f76a63eb2ab3cc1bdf182f051a17e906d26edb1a4749bb229d49d22711
SHA512 d6386be8e1958c6a8d7a000f19d3eec5a706e35137eed38e064a5e16b0036a6a4a948ff8495b25c44acd4d571dac8eea08405d68e0d592d128cefdbffe7ce183

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-24 12:37

Reported

2024-02-24 12:41

Platform

win10v2004-20240221-en

Max time kernel

137s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe"

Signatures

WarzoneRat, AveMaria

rat infostealer warzonerat

Warzone RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\WinDefend.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Defender SmartScreen = "C:\\ProgramData\\WinDefend.exe" C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532520179723553" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5056 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe C:\ProgramData\WinDefend.exe
PID 5056 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe C:\ProgramData\WinDefend.exe
PID 5056 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe C:\ProgramData\WinDefend.exe
PID 764 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 3436 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 1944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe

"C:\Users\Admin\AppData\Local\Temp\Celesty\Celesty Binder v1 0 .exe"

C:\ProgramData\WinDefend.exe

"C:\ProgramData\WinDefend.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffadd899758,0x7ffadd899768,0x7ffadd899778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1912 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5288 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=2080,i,4630608778814734503,13605781890156421650,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 85.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 rutube.ru udp
RU 178.248.233.148:443 rutube.ru tcp
RU 178.248.233.148:443 rutube.ru tcp
US 8.8.8.8:53 static.rutube.ru udp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
RU 89.248.230.8:443 static.rutube.ru tcp
US 8.8.8.8:53 148.233.248.178.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 captcha-api.yandex.ru udp
US 8.8.8.8:53 pic.rutubelist.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 5.255.255.70:443 yandex.ru tcp
RU 87.250.250.121:443 captcha-api.yandex.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 89.248.230.8:443 pic.rutubelist.ru tcp
US 8.8.8.8:53 8.230.248.89.in-addr.arpa udp
US 8.8.8.8:53 70.255.255.5.in-addr.arpa udp
US 8.8.8.8:53 121.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
RU 87.250.250.121:443 captcha-api.yandex.ru tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 avatars.mds.yandex.net udp
US 8.8.8.8:53 mc.yandex.ru udp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 ads.adfox.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
RU 87.250.247.184:443 avatars.mds.yandex.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 77.88.21.179:443 ads.adfox.ru tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 215.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 184.247.250.87.in-addr.arpa udp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 cdn.uxfeedback.ru udp
RU 193.17.93.93:443 cdn.uxfeedback.ru tcp
US 8.8.8.8:53 vk.com udp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 api.expf.ru udp
RU 51.250.15.190:443 api.expf.ru tcp
US 8.8.8.8:53 179.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 93.93.17.193.in-addr.arpa udp
US 8.8.8.8:53 67.132.240.87.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
RU 193.17.93.93:443 cdn.uxfeedback.ru tcp
US 8.8.8.8:53 cdn-st.ritm.media udp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
RU 193.17.93.93:443 cdn-st.ritm.media tcp
US 8.8.8.8:53 190.15.250.51.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 tracking.datadrivenpromotion.com udp
US 8.8.8.8:53 data.24smi.net udp
US 8.8.8.8:53 tns-counter.ru udp
RU 193.106.95.138:443 tracking.datadrivenpromotion.com tcp
US 8.8.8.8:53 widget-api.uxfeedback.ru udp
US 104.22.40.74:443 data.24smi.net tcp
RU 194.226.130.226:443 tns-counter.ru tcp
US 104.21.62.16:443 widget-api.uxfeedback.ru tcp
US 104.22.40.74:443 data.24smi.net tcp
US 104.21.62.16:443 widget-api.uxfeedback.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 8.8.8.8:53 138.95.106.193.in-addr.arpa udp
US 8.8.8.8:53 226.130.226.194.in-addr.arpa udp
US 8.8.8.8:53 16.62.21.104.in-addr.arpa udp
US 8.8.8.8:53 74.40.22.104.in-addr.arpa udp
US 8.8.8.8:53 204.201.212.88.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 static.rutubelist.ru udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
RU 89.248.230.8:443 static.rutubelist.ru tcp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp
US 8.8.8.8:53 su8z3r0.myvnc.com udp

Files

C:\ProgramData\WinDefend.exe

MD5 48b8111a615d7c128bdbee812e202485
SHA1 18609579af28054974db5bb2ce48e931f662eb91
SHA256 7e6770f76a63eb2ab3cc1bdf182f051a17e906d26edb1a4749bb229d49d22711
SHA512 d6386be8e1958c6a8d7a000f19d3eec5a706e35137eed38e064a5e16b0036a6a4a948ff8495b25c44acd4d571dac8eea08405d68e0d592d128cefdbffe7ce183

memory/3940-4-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-5-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-6-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-10-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-11-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-12-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-13-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-16-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-15-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

memory/3940-14-0x0000020E2B260000-0x0000020E2B261000-memory.dmp

\??\pipe\crashpad_764_AXKNMJDHSKRIYHMY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cdc995c7b6b8795a66fca64620f39b00
SHA1 2a28de15c9529b9d26fe4aacedd8f28d33794997
SHA256 6d0d938e23c0a39f6c6ce94a1327aa2a27d1cb1c8625f18a39c5ebac6e05e2f1
SHA512 b108d65db6034373aee06a6cc38fe0c3f6bc44d226cc8bcdbbd5dbff9b35c5aa601b00e0c1a5ebe017be65edeabd69c173c3cf038d64bae280059bd8a7566603

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92bd2589849584d5df7ac3e223c01942
SHA1 8248b8264fda97007b1648c8453c594f0d8b12ce
SHA256 00232d94c13e2a871e5e8b9b8ab0b71fe04df15be481eece763e452d15a00068
SHA512 371bc6d1df2f9274a63b5fe5f55c64126aa5ecb0c4c78360dee0e431bb6d0aff7e4f0e065ffde61f31ab145752572d7df113b0069e855af9d614d07a4608d145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 43c7d8e72e3784a66bcadeab3860c18d
SHA1 a138059d92e586e783a5ed8ff76299cfe78694a7
SHA256 03c4928b2ee4c0445d67f6aa7a0df9c15f949e608d12555886a92fda9329d97f
SHA512 6f976e838db8e0f8c38a7234f42f5f5802387727c430571e7380fde53233ed0bb1e344745f68e36d0abf833719464d93da3b8e877c25fb144fc6dcee21cf535e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\739f9b00-8e02-4f51-89c8-5d32b5e7410e.tmp

MD5 cd68f27f8a3cb1b975672b423a0fc8d2
SHA1 31275eb3553cf1921de943efaa71d3c3e587e0d2
SHA256 df95bea693410737fe626e298e2e640cfc2aaf41dc934f17ef7653f66729dca6
SHA512 927e54eb4ee367b88f23ad1985c4d5c6887ed7933350927a5da0f5e4fe44ccec272d8502c1dd00b1acb469b6745fc24c3c089d04048f5c6015684978382f5c0f

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0cb846621f71f25a866a56d794848e26
SHA1 46ee58d1cc9dbbf95709bd1a40f5158f6cfa30d4
SHA256 d7e7fd1cded9ab180c5609117469bb9ef6c74fb2104f724ff4577b8b28ca09f5
SHA512 2f745b13205b2cb391a468366bdeea09876d0679d25f1c645369bf894af6d3e815c36d91e5639719aa714e92fa9dae5195aed0b7a4602b888ec29205a9f56b89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2aaf3bc4bd1c3dc61b911a5b6b54c4ef
SHA1 d791cbabc45dd6130a2b42c4b78b90b064f6fbfe
SHA256 57d8d0edef4842cb0c00f36802b8a9cc49cf5973f2189f8555cc9ecef89ca5b5
SHA512 53da8fc50c21ef4be479ad4daa0937a98fdcaf14532cdc2cd56cf7a6092e863196246981f15fca5bf071c40a179fdb09553ac403d34367596a66c2e7360a701b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2baf6f8a747a67badac1dfe2b370e197
SHA1 4f72d60c5e228c81816ec35b1a8ca7e3bf9ce509
SHA256 e26b5c6606f11e8a25a33b2a3eef164cb3e77df896241db66863f642428a95c1
SHA512 2d84a37eecb406f902e90e8b90dbefa3a3c75f369fbb5b4d402bc7048db33051c162203a83661b074581fddede428ed4899e38798ea615e2093e48ad237b44fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0cb01f0cd04b753a27aba585ad4fe696
SHA1 2629d2fcac442c85a5a75671bb627ea0e8a670ac
SHA256 d01b9d4da18b7f101249c023748846d24f93e88ed8b3cb382b354b1b4676ab4c
SHA512 e38dfb1375811d89ddc59dca181311c4a2ca5b82e6adaacc249e7ebdd15cd0bd7e7fa61497dd52f39f32a588442f1f0767b7bbe3bf633e7661c7328af7349ec8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f586.TMP

MD5 4e61379d95d9cbe287c8328cebaac455
SHA1 cb9befd6e8ab29d382a25b811b31d609accbb6ee
SHA256 69cd578c652882d92759a620d8f79ce8333a96ec3c1a80ba7ff763bbf3a7417d
SHA512 ad78a1c7d746c39d9c4aeb560d1997f0ef65e1cc11b2a89168c02f2cb85f32ba70c336ea5b24aab8853cdbfab48f851890bad93d60698f277538e4c84585fbaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 14e24bfe8bc308a9e2fa18ef5077938a
SHA1 ea569d5caf0e31e3be84fc6143618524350bfb8f
SHA256 633aab3c738a9685bd25242c32dfa70c5ca91eff74242d06c84c0ad72676e970
SHA512 2a4716b5627e5887fa951c910c1ff3b3eee198c00f9ad89c3a83dc39ca2390084f54def8df2efb8c8e752a837604bfb464203b9e3e99ea9b082acf55188c50c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590cd7.TMP

MD5 4cd6bbe10ddd80bf40e896d84bdc04f6
SHA1 f722941aa60b56ea43672f4107cf3f06c17a5677
SHA256 a0f6f450940294dbc3c50c56c7dea437b34b120700db63c9a5dabaf8c2e5d0ad
SHA512 963bedf68a8ddf63e34334c37c61964fcf2b3ae7b2b9a5388a7c5cadba8d155e15630167fbd7651d08c946cadbe286569a6ba90e99f752d4fd6080b3061dfe90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt~RFe590d25.TMP

MD5 ac0e772215f6cbf84006de6210530b14
SHA1 e1626559fdf8673e8bd1afa0d2cf9a8b060f2f58
SHA256 c665705d2ef5812ea4c6109d19f98ad4c633c8d6b891a39f056f19efb2f5565b
SHA512 85c01e5ae41c657aeb8f7985081870e3f56cb5c463d07cad29fb72bec1830aa904d2444167425ad6c86f0a64fddb2967874de2c106b849d445b727afb33f084a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\20b5841467baf33cc9eb448cfcf85865957116ba\index.txt

MD5 7daed951d4aa70dcc86cbc5e804f37b1
SHA1 d126a020d89e780ae6bcd38925c8470a5d178218
SHA256 fc5f4181efd7f9051cb6f54a6ce9977858ad312373bcb37d5c5fe714aad989cf
SHA512 9809e780a3517554d99aa4bd434e2229eb001893fb1812c5bd6ce2a6dbbbe910a056a16936f14f598ac5c59039c9f78bdebcd2c67e306e970177aa527280635f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a1acab0536215b84d46a0ecd0c87fc06
SHA1 5029784a97b2a7beda4777204e393dc41083f239
SHA256 8bcef3dbc15915e48c7fb8faef677a34cc29888dd0eef2105557819ce2376fad
SHA512 fe2993487fc8944f494af84ea15a958c652b1bc9eac2c2ff04dc3a21090dae343684d25787ae866bf0ff3809a3563144a318a06b12156d8a0b4cca9f3fa6e87d