Malware Analysis Report

2024-11-30 22:06

Sample ID 240704-b96cfazelf
Target 03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39
SHA256 03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39
Tags
amadey stealc 4dd39d jony discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39

Threat Level: Known bad

The file 03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39 was found to be: Known bad.

Malicious Activity Summary


Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks computer location settings

Checks BIOS information in registry

Reads data files stored by FTP clients

Identifies Wine through registry keys

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 01:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 01:51

Reported

2024-07-04 01:54

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\AKJKFBAFID.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EBGCBAFCGD.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\EBGCBAFCGD.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\AKJKFBAFID.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EBGCBAFCGD.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\AKJKFBAFID.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A

Identifies Wine through registry keys

evasion

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\AKJKFBAFID.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\EBGCBAFCGD.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645315251113603" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3520 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3520 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3520 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4532 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe
PID 4532 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe
PID 4532 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe
PID 4532 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe
PID 4532 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe
PID 4532 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe
PID 1912 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1912 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 4288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 4288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 2312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 2312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 848 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
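
The rows above mix two very different things: explorti.exe (PID 4532, running from a Temp subdirectory) writing into the two payloads it launched, f42e211e83.exe writing into the chrome.exe it started, and the Chrome browser process (PID 1204) writing into its own child processes, which is simply how Chromium launches its sandboxed helpers. The script below is an added example, not part of the sandbox report, that triages rows of this table with one heuristic: a writer whose image lives in a user-writable directory is flagged, a parent writing into a child that runs the same image is set aside, and anything else is queued for manual review. The USER_WRITABLE markers are an assumption chosen for the example; the sample rows are transcribed from the table above (a subset).

```python
"""Triage of cross-process memory writes (added example; not part of the
sandbox report).  ROWS are transcribed from the table above, a subset."""
import re
from collections import Counter, defaultdict

# Directory markers an unprivileged user can write to.  Heuristic chosen
# for this example, not a list taken from the report.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\")

# Row layout: "PID <src> wrote to memory of <dst> N/A <src image> <dst image>"
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+\.exe)$")

ROWS = r"""
PID 4532 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe
PID 4532 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe
PID 1912 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 4288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1204 wrote to memory of 3932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
"""


def parse_rows(text):
    """Turn report rows into dicts; lines that are not rows are ignored."""
    events = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append({"src_pid": int(m[1]), "dst_pid": int(m[2]),
                           "src": m[3], "dst": m[4]})
    return events


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(events):
    """Split writes into ones worth analyst attention and browser self-writes.

    A writer whose image sits in a user-writable directory is always flagged.
    A parent writing into a child running the same image (chrome.exe ->
    chrome.exe) is how Chromium launches its sandboxed helpers, so those go
    into the second bucket.  Anything else is flagged for manual review.
    Both buckets map (src_pid, dst_pid, src_image, dst_image) -> write count.
    """
    flagged, self_writes = Counter(), Counter()
    for e in events:
        key = (e["src_pid"], e["dst_pid"], e["src"], e["dst"])
        if is_user_writable(e["src"]):
            flagged[key] += 1
        elif e["src"].lower() == e["dst"].lower():
            self_writes[key] += 1
        else:
            flagged[key] += 1
    return flagged, self_writes


def write_chains(events, root_pid):
    """Follow writer -> target edges from root_pid; each chain is a list of
    (pid, image basename).  The visited set cuts cycles."""
    edges, images = defaultdict(dict), {}
    for e in events:
        edges[e["src_pid"]][e["dst_pid"]] = None   # dict used as ordered set
        images.setdefault(e["src_pid"], e["src"])
        images.setdefault(e["dst_pid"], e["dst"])
    chains = []

    def walk(pid, path, seen):
        path = path + [(pid, images[pid].rsplit("\\", 1)[-1])]
        children = [c for c in edges.get(pid, {}) if c not in seen]
        if not children:
            chains.append(path)
            return
        for c in children:
            walk(c, path, seen | {c})

    walk(root_pid, [], {root_pid})
    return chains


if __name__ == "__main__":
    ev = parse_rows(ROWS)
    flagged, benign = triage(ev)
    for key, n in flagged.items():
        print(f"REVIEW {key[0]} -> {key[1]} x{n}: {key[2]} -> {key[3]}")
    print(f"{sum(benign.values())} browser self-writes set aside")
    for chain in write_chains(ev, 4532):
        print(" -> ".join(f"{pid} {name}" for pid, name in chain))
```

Run against the six transcribed rows it flags the three writes that originate in Temp (explorti.exe into both payloads, f42e211e83.exe into chrome.exe) and sets the chrome.exe self-writes aside, which is the same split a Sysmon event 8/10 rule keyed on the source image path would give you on a live host.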

Processes

C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe

"C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4140,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e2c7ab58,0x7ff8e2c7ab68,0x7ff8e2c7ab78

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=3028,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4176 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AKJKFBAFID.exe"

C:\Users\Admin\AppData\Local\Temp\AKJKFBAFID.exe

"C:\Users\Admin\AppData\Local\Temp\AKJKFBAFID.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EBGCBAFCGD.exe"

C:\Users\Admin\AppData\Local\Temp\EBGCBAFCGD.exe

"C:\Users\Admin\AppData\Local\Temp\EBGCBAFCGD.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=872 --field-trial-handle=1824,i,17550510043414179738,12379195300357708736,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 4.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
GB 216.58.212.206:443 consent.youtube.com udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
GB 216.58.212.206:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp

Files

memory/3520-0-0x0000000000D00000-0x00000000011AF000-memory.dmp

memory/3520-1-0x00000000772A4000-0x00000000772A6000-memory.dmp

memory/3520-2-0x0000000000D01000-0x0000000000D2F000-memory.dmp

memory/3520-3-0x0000000000D00000-0x00000000011AF000-memory.dmp

memory/3520-5-0x0000000000D00000-0x00000000011AF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 6c4ea5959222315f89ec2a4c31a79b42
SHA1 b0e03f4bb8f6cd1e0d35abe12e6a38f500b61c08
SHA256 03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39
SHA512 32697372fdde9adb6994838ff81d00b8e02d0e26ffb2feb8eaf366180bad7b7e0a22c8e92284680733ef1015b437144694793cdfc7791913b1a6f9771fe67695

memory/3520-17-0x0000000000D00000-0x00000000011AF000-memory.dmp

memory/4532-18-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-19-0x0000000000531000-0x000000000055F000-memory.dmp

memory/4532-20-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-21-0x0000000000530000-0x00000000009DF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe

MD5 1323616c7b4228edd3735c144d4632c2
SHA1 34c45567ebdfcfeeb9d950aa527bf3bac2709a41
SHA256 96a32d13cd84073e06f1b0c27c7daf3192bbce58278fbf5c1270bcae4c0eba37
SHA512 d023ba0ec57b3a80fdba972c259b60f4f3779a0d9692317e3e009507b8adf9bb66b63aa09214677dd8294750d7e8d6250722b5687fcca1e9eb7da16718c6a079

memory/764-37-0x0000000000DD0000-0x00000000019C9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\f42e211e83.exe

MD5 08adf93a86b983edaee843e01f85fddb
SHA1 1647634a1bdf17e3944046992f03e52ccbbc9f7c
SHA256 1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e
SHA512 60d37930bf6845cea06eaa3d7a48b97d17ff2b24cc8725814b4aae9ce2de2fd5964e690489b8e9f9126bb57b685191bb922640a4d6c123d9749845075224ae0e

memory/764-57-0x0000000061E00000-0x0000000061EF3000-memory.dmp

memory/336-71-0x0000000000530000-0x00000000009DF000-memory.dmp

\??\pipe\crashpad_1204_WSRBOSDATCNKHUII

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/336-99-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-144-0x0000000000530000-0x00000000009DF000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/764-183-0x0000000000DD0000-0x00000000019C9000-memory.dmp

memory/5456-191-0x0000000000D80000-0x000000000122F000-memory.dmp

memory/4532-190-0x0000000000530000-0x00000000009DF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3bab4cd3fedb65e707099381bb7d225d
SHA1 76e890811ea0de324f9ec27ae6484033a409f3d4
SHA256 a7111d757d92e47845e725ea4f6e56019a5f10797cce042e18d53a3e97c04469
SHA512 5abb24d9ee4275ab8902d4a8477bba24e4b0da29b0b0e8cff7f026cc8098a3da84c0a71730cb1668ba9526ffb38bf635e2e199d2a9674b9e8d9077398367d6ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2ba6d6cd4d251d40c2c9cd4ed78d715
SHA1 f84e002a17f26af50d6fdc11e06e3b4bf255e062
SHA256 92f76315619a0366050b7626fbc38b4b04c8b1aab7cabb1ede2b5ff548f82978
SHA512 4677ff34508d32db4cec8548664d5f4d87049e75ce997af12c00041638e05ef89bd44c091d6b5a3b9ba004e2f772b814e1054f11cbd051d57a9d902d14649373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fd7ba074318f2695b3faef02d00c6a4a
SHA1 19f2b47d442f97c17f09deec4e571038e58dc5c1
SHA256 4244283e375e205ade7a44d85fad31a34b1f4888224db94f1be113eab4ca5cfb
SHA512 2ca29a7944014fcebc0f15ce44b593ca819ca3efc1250eda8f3ff5bbdb4db7a4d457280d9e2316cca3269864d2d430bcb91b308549f38f92a2aaeae7c06408d2

memory/764-211-0x0000000000DD0000-0x00000000019C9000-memory.dmp

memory/4532-215-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/5224-216-0x0000000000B90000-0x000000000103F000-memory.dmp

memory/5456-218-0x0000000000D80000-0x000000000122F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

memory/5224-226-0x0000000000B90000-0x000000000103F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 cfa36834edcff331e17e91cff674c41e
SHA1 63b2123de252f53ace82a50f97f834e016665ef3
SHA256 17c843081254422c019f8fec136fbef408d7ba1b2328fedebaf0a6201c08b108
SHA512 4eb3de7f87a1df6c8792c0b8d413273b9896a50baa1da3396f8d20ae493cdca2b3ed382e6fca384f6a59851a083bd526d36da9f7ad28c00beccad84ef76819a8

memory/4532-234-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-235-0x0000000000530000-0x00000000009DF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 63c1f6816b46dd3e4b05b2a93d1c8c9e
SHA1 9845b181ced40939b499153357beaac8afff0066
SHA256 8f0a63cb810f90770eb3b0e6551e8cfdec2590eab2f2a5dcd7086edf10b5fe23
SHA512 d92b251ac7320346ceaec78014c60fd746d6a06d749ac48b23ee6710772df0c24c195f11805074ef84f675aa1ece93411835ddd3f4fab33b75447da5001bdf41

memory/4532-241-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-251-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-252-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/6124-255-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/6124-256-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-257-0x0000000000530000-0x00000000009DF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9fdf84ec68bb0280ed0a5304e49323e6
SHA1 5c3108f667719a8b922e36edcbc2fdae62d8326b
SHA256 a543e39f4b5cda3c617ff8b048abd7edcc2c5a9f8a92e2400e495c9ae441b707
SHA512 4499b419420a4b908ff6f84a714503c37c71920eae6142fe8e3997592255ea3edda390b796e10ee719a7d456222379f5d24d7bcf96f1478865fd520dfaa4972d

memory/4532-272-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-273-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-274-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-275-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-276-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/6104-284-0x0000000000530000-0x00000000009DF000-memory.dmp

memory/4532-285-0x0000000000530000-0x00000000009DF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5b1298037f1e54deb8b87602043e5d67
SHA1 fcebf0fdd330e54b28829c699ae9f0bf404fb658
SHA256 5cb21a647b3c80c6bf549df0f39536b9de29227af83385c8f51b9ea82e1e882a
SHA512 d4a7f7adf94437a34f60b00cd394748d5adab03794ce7e45665e5b23c9a45c49b88894ba00d17b0ca851dc027aa8028ad7e466d9298202a8c0578c02c31b94f4

memory/4532-295-0x0000000000530000-0x00000000009DF000-memory.dmp
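
Read together, the Network and Files sections contain a handful of real indicators buried in sandbox and browser noise: three peers contacted by bare IP on port 80 with no name ever resolved for them (the report tags the sample Amadey/Stealc and records a downloaded PE, so these are the candidate download/C2 endpoints, though the report itself does not label them), the two payloads written under Temp\1000006001 and Temp\1000007001, the nss3.dll/mozglue.dll pair in C:\ProgramData, and explorti.exe, whose SHA256 is the sample's own hash, i.e. a self-copy. The rest is the YouTube/Google traffic of the chrome.exe that f42e211e83.exe launched, the sandbox's reverse (PTR) lookups of peers it observed, Chrome profile files, and an empty named pipe. The script below is an added example, not part of the report, that separates those categories. The rows are transcribed from the tables above (a subset; hash lines other than SHA256 dropped). PROFILE_DIRS and LIBRARY_NAMES are heuristics chosen for the example; nss3.dll and mozglue.dll are the file names of Mozilla's NSS and mozglue libraries, and since a hash match could equally hit genuine builds, only the drop path is kept as the indicator.

```python
"""IOC extraction from the Network and Files sections (added example; not
part of the report).  NETWORK and FILES are transcribed from the tables
above, a subset with blank lines and non-SHA256 hash lines removed."""
import re
from collections import defaultdict

SAMPLE_SHA256 = "03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39"
# SHA-256 of zero bytes: an entry carrying it is an empty file or pipe.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
# Browser profile directories (heuristic for this example): written by the
# browser the sample opened, not by the sample itself.
PROFILE_DIRS = ("\\google\\chrome\\user data\\", "\\microsoft\\edge\\user data\\")
# Mozilla library names: keep the drop path, not the hash (heuristic).
LIBRARY_NAMES = {"nss3.dll", "mozglue.dll"}

NETWORK = """
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
"""

FILES = r"""
memory/3520-0-0x0000000000D00000-0x00000000011AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
SHA256 03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39
C:\Users\Admin\AppData\Local\Temp\1000006001\1de9636ff3.exe
SHA256 96a32d13cd84073e06f1b0c27c7daf3192bbce58278fbf5c1270bcae4c0eba37
\??\pipe\crashpad_1204_WSRBOSDATCNKHUII
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
SHA256 a7111d757d92e47845e725ea4f6e56019a5f10797cce042e18d53a3e97c04469
C:\ProgramData\nss3.dll
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
"""

# "<country> <ip>:<port> [<domain>] <proto>"; the domain column may be absent.
NET_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}):(\d+)(?: (\S+))? (tcp|udp)$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-fA-F]+)$")


def parse_network(text):
    """Rows -> dicts with a 'kind': dns, ptr, direct_ip, named or unresolved."""
    conns = []
    for line in text.splitlines():
        m = NET_RE.match(line.strip())
        if not m:
            continue
        ip, port, domain, proto = m[2], int(m[3]), m[4], m[5]
        if port == 53:
            kind = "ptr" if domain and domain.endswith(".in-addr.arpa") else "dns"
        elif domain is None:
            kind = "unresolved"   # e.g. mDNS multicast, no name attached
        elif domain == ip:
            kind = "direct_ip"    # no hostname was ever resolved for this peer
        else:
            kind = "named"
        conns.append({"ip": ip, "port": port, "domain": domain, "proto": proto, "kind": kind})
    return conns


def direct_ip_endpoints(conns):
    """Peers contacted by bare IP, deduplicated: candidate C2/download
    endpoints, not a verdict; the report does not label them."""
    return sorted({f"{c['ip']}:{c['port']}" for c in conns if c["kind"] == "direct_ip"})


def parse_files(text):
    """File entries (a path line followed by hash lines); memory dumps skipped."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("memory/"):
            current = None
            continue
        m = HASH_RE.match(line)
        if m:
            if current is not None:
                current[m[1].lower()] = m[2].lower()
        else:
            current = {"path": line}
            entries.append(current)
    return entries


def classify_files(entries):
    """Buckets: self_copy, dropped, library, noise."""
    buckets = defaultdict(list)
    for e in entries:
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        if e.get("sha256") == EMPTY_SHA256 or any(d in low for d in PROFILE_DIRS):
            buckets["noise"].append(e)
        elif e.get("sha256") == SAMPLE_SHA256:
            buckets["self_copy"].append(e)
        elif name in LIBRARY_NAMES:
            buckets["library"].append(e)
        else:
            buckets["dropped"].append(e)
    return buckets


if __name__ == "__main__":
    print("direct-IP endpoints:", direct_ip_endpoints(parse_network(NETWORK)))
    for bucket, items in classify_files(parse_files(FILES)).items():
        for e in items:
            print(f"{bucket:9} {e.get('sha256', '-')[:16]}  {e['path']}")
```

The PTR rows are dropped on purpose: they are the sandbox resolver looking up names for addresses it already saw, so treating 82.77.91.77.in-addr.arpa as a "contacted domain" would only add noise to a blocklist. Likewise, the Chrome profile files and the crashpad pipe are consequences of the browser being launched (see the chrome.exe https://www.youtube.com/account command line above), not artefacts the stealer produced.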

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 01:51

Reported

2024-07-04 01:54

Platform

win11-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645315366551052" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2320 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2320 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2320 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3984 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe
PID 3984 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe
PID 3984 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe
PID 3984 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe
PID 3984 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe
PID 3984 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe
PID 5052 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
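
Read as a graph rather than a list, the rows above describe one chain: the submitted sample (PID 2320) writes into explorti.exe (PID 3984), which the Files section shows carries the same SHA256 as the sample, so it is the sample's own relocated copy; that copy writes into the two downloaded payloads (PIDs 1516 and 5052); 6450e5bfe4.exe then writes into chrome.exe (PID 4688); and every row below 4688 is Chrome writing into the workers it spawns. A parent writing into a child it has just created is also how ordinary process creation looks to this hook, so these rows establish lineage, not necessarily code injection. The Python below is an added example, not part of this report or of the sandbox's tooling: it parses the rows into a counted write graph, recovers the lineage of the browser process, and separates edges written by a %TEMP% binary from browser-internal noise. The input is copied from the table above with duplicate rows trimmed; the bucket names and the "%TEMP% writer" heuristic are the editor's assumptions.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Rows from the "Suspicious use of WriteProcessMemory" table above, used here as
# constructed input. The report repeats most rows two or three times; the
# duplicates are trimmed so the counted graph stays readable.
WPM_ROWS = r"""
PID 2320 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2320 wrote to memory of 3984 N/A C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3984 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe
PID 3984 wrote to memory of 5052 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe
PID 5052 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5052 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4560 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4688 wrote to memory of 4552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
"""

# Both image columns contain spaces, so the writer image is matched lazily up to
# the first " X:\" that starts the target image.
ROW_RE = re.compile(
    r"^PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) N/A "
    r"(?P<writer_image>.+?) (?P<target_image>[A-Za-z]:\\.+)$"
)
TEMP_MARK = "\\appdata\\local\\temp\\"  # any image under the user's %TEMP%


def parse_rows(text):
    """One (writer_pid, target_pid) edge per row, plus a pid -> image map."""
    edges, images = [], {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        writer, target = int(m["writer"]), int(m["target"])
        images[writer] = m["writer_image"]
        images[target] = m["target_image"]
        edges.append((writer, target))
    return edges, images


def build_graph(edges):
    """Collapse duplicate rows into counted edges; a pid's first writer is its parent."""
    counts = Counter(edges)
    children, parent_of = defaultdict(list), {}
    for (writer, target), n in counts.items():
        children[writer].append((target, n))
        parent_of.setdefault(target, writer)
    return counts, children, parent_of


def lineage(pid, parent_of):
    """Follow writer links back to the root, e.g. [2320, 3984, 5052, 4688]."""
    chain = [pid]
    while chain[0] in parent_of and parent_of[chain[0]] not in chain:
        chain.insert(0, parent_of[chain[0]])
    return chain


def classify(counts, images):
    """Edges whose writer is a %TEMP% binary vs. Chrome writing into its own workers."""
    buckets = {"malware": [], "browser_internal": [], "other": []}
    for writer, target in counts:
        w_img, t_img = images[writer].lower(), images[target].lower()
        if TEMP_MARK in w_img:
            buckets["malware"].append((writer, target))
        elif w_img.endswith("\\chrome.exe") and t_img.endswith("\\chrome.exe"):
            buckets["browser_internal"].append((writer, target))
        else:
            buckets["other"].append((writer, target))
    return {k: sorted(v) for k, v in buckets.items()}


def render_tree(root, children, images, depth=0, writes=None, out=None):
    """Indented text view of the write graph below `root`."""
    out = [] if out is None else out
    suffix = f"  <- {writes} write(s)" if writes else ""
    out.append("  " * depth + f"{root} {ntpath.basename(images[root])}{suffix}")
    for child, n in sorted(children.get(root, [])):
        render_tree(child, children, images, depth + 1, n, out)
    return out


def analyze(text):
    edges, images = parse_rows(text)
    counts, children, parent_of = build_graph(edges)
    roots = [pid for pid in images if pid not in parent_of]
    return {
        "rows": len(edges),
        "edges": dict(counts),
        "roots": roots,
        "browser_lineage": lineage(4688, parent_of),
        "classes": classify(counts, images),
        "tree": render_tree(roots[0], children, images),
    }


if __name__ == "__main__":
    result = analyze(WPM_ROWS)
    print("\n".join(result["tree"]))
    print("edges written by a %TEMP% binary:", result["classes"]["malware"])
```

Only the four edges in the "malware" bucket need an analyst's time; the chrome.exe to chrome.exe rows are the browser's normal worker setup and can be suppressed in a detection rule by requiring the writer image to be outside Program Files.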

Processes

C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe

"C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2bc7ab58,0x7fff2bc7ab68,0x7fff2bc7ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3812 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CFIECFIJDA.exe"

C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe

"C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1860,i,12422624595034128805,17106677970941605748,131072 /prefetch:2
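
Three patterns in this process list are worth turning into detections. First, every malicious image runs from the user's %TEMP%: the sample, its copy under the ten-character directory ad40971b6b, the two payloads under numbered directories, and EHJKKKFIIJ.exe with a random ten-letter name. Second, two further executables are launched through cmd.exe /c start "" "<path>", and the image path C:\Windows\SysWOW64\cmd.exe against a command line naming system32 is file-system redirection at work, which means the caller is a 32-bit process. Third, chrome.exe is started with a bare URL and no --type= flag, which is the stealer opening a page, not Chrome spawning a worker. The Python below is an added example, not from this report, that applies those three rules to the list. The rule names and the "exactly ten uppercase letters" threshold are the editor's assumptions taken from what this report shows; Chrome's long worker command lines are abbreviated in the embedded input, and two of the four explorti.exe entries recorded without a command line are kept.

```python
import re

# The Processes list above, copied as constructed input: an image path line is
# followed by its quoted command line, except where the sandbox recorded none.
# Chrome's long worker command lines are abbreviated; everything else is verbatim.
PROCESS_LIST = r"""
C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe
"C:\Users\Admin\AppData\Local\Temp\03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe"
C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe
"C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CFIECFIJDA.exe"
C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe
"C:\Users\Admin\AppData\Local\Temp\EHJKKKFIIJ.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"""

USER_TEMP = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
RANDOM_NAME = re.compile(r"\\[A-Z]{10}\.exe$")            # EHJKKKFIIJ.exe style
CMD_START = re.compile(r'cmd\.exe"?\s+/c\s+start\s+""\s+"(?P<target>[^"]+)"', re.I)
CHROME_URL = re.compile(r'chrome\.exe"\s+(?P<url>https?://\S+)\s*$', re.I)
WOW64_CMD = "c:\\windows\\syswow64\\cmd.exe"


def parse_processes(text):
    """Pair each image path with the quoted command line that follows it, if any."""
    procs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith('"'):
            if procs and procs[-1]["cmdline"] is None:
                procs[-1]["cmdline"] = line
        else:
            procs.append({"image": line, "cmdline": None})
    return procs


def detect(procs):
    """Return (rule, image, detail) tuples for the three patterns this report shows."""
    findings = []
    for p in procs:
        image, cmd = p["image"], p["cmdline"] or ""
        if USER_TEMP.match(image):
            detail = "executable running from the user's %TEMP%"
            if RANDOM_NAME.search(image):
                detail += " under a random 10-letter name"
            findings.append(("temp-exec", image, detail))
        m = CMD_START.search(cmd)
        if m and USER_TEMP.match(m["target"]):
            findings.append(("cmd-start-temp", image, m["target"]))
            if image.lower() == WOW64_CMD:
                # Image is SysWOW64 while the command line says system32:
                # file-system redirection, so the caller is a 32-bit process.
                findings.append(("wow64-parent", image, cmd))
        m = CHROME_URL.search(cmd)
        if m:
            # A URL with no --type= flag is a top-level browser launch, not a worker.
            findings.append(("browser-opened-url", image, m["url"]))
    return findings


def summarize(findings):
    counts = {}
    for rule, _, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, image, detail in detect(parse_processes(PROCESS_LIST)):
        print(f"{rule:20} {image}\n{'':20} {detail}")
```

The temp-exec rule alone is noisy on real endpoints (installers run from %TEMP% all day); the combination with the cmd.exe /c start "" launch, or with a %TEMP% binary starting the browser on a URL, is what makes this chain stand out.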

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 85.28.47.4:80 85.28.47.4 tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.212.206:443 consent.youtube.com udp
US 20.42.65.94:443 tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
SE 192.229.221.95:80 tcp
GB 142.250.179.238:443 play.google.com udp
GB 216.58.212.206:443 consent.youtube.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
CH 35.216.230.172:443 e2c44.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 142.250.178.14:443 google.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
GB 216.58.212.206:443 consent.youtube.com udp
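
Most rows in this table are explained by the detonation itself: the stealer started Chrome on https://www.youtube.com/account, which accounts for the Google, YouTube and gvt2 traffic, and tse1.mm.bing.net is the usual Windows shell image fetch. What remains is three Russian hosts contacted over plain HTTP with no hostname at all (the Domain column simply repeats the IP), which is the shape of an Amadey panel check-in, plus two destinations for which no name was ever observed and which stay on the review list until explained. The Python below is an added example, not part of this report, that parses the table and sorts every destination into one of those buckets. The allowlist of browser-noise suffixes is the editor's assumption for this detonation only, and the "http-to-bare-ip" bucket is a candidate list for review: this table alone does not prove that those hosts are C2.

```python
import ipaddress
from collections import Counter

# The Network table above, copied as constructed input for this example
# (header kept; three repeated tse1.mm.bing.net rows dropped).
NETWORK_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 85.28.47.4:80 85.28.47.4 tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 20.42.65.94:443 tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
SE 192.229.221.95:80 tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
CH 35.216.230.172:443 e2c44.gcp.gvt2.com tcp
GB 142.250.178.14:443 google.com tcp
"""

# Analyst allowlist for this detonation only (assumption): the stealer opened
# Chrome on youtube.com, and the Windows shell talks to Bing, so these suffixes
# are browser/OS noise here. They would not be an allowlist in general.
BROWSER_NOISE = ("google.com", "youtube.com", "gvt2.com", "bing.net")


def parse_network(text):
    """Rows are 'Country ip:port [domain] proto'; the domain is absent when no name was seen."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            (country, dest, proto), domain = parts, None
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def categorize(row):
    ip, domain, port = ipaddress.ip_address(row["ip"]), row["domain"], row["port"]
    if ip.is_multicast or ip.is_link_local:
        return "local-multicast"          # mDNS and friends, never C2
    if domain and domain.endswith(".in-addr.arpa"):
        return "dns-reverse-lookup"       # DNS queries, not the flows themselves
    if domain and is_ip_literal(domain):
        # No hostname at all: the client dialled a hard-coded IP. Over plain
        # HTTP this is the shape of Amadey/Stealc panel traffic.
        return "http-to-bare-ip" if port == 80 else "bare-ip"
    if domain is None:
        return "no-name-observed"
    if any(domain == s or domain.endswith("." + s) for s in BROWSER_NOISE):
        return "browser-noise"
    return "review"


def triage(rows):
    """Bucket -> sorted unique 'ip:port', plus how often each destination was hit."""
    buckets, hits = {}, Counter()
    for row in rows:
        key = f"{row['ip']}:{row['port']}"
        hits[key] += 1
        buckets.setdefault(categorize(row), set()).add(key)
    return {k: sorted(v) for k, v in buckets.items()}, hits


def block_candidates(buckets):
    """Bare IPs from the plain-HTTP bucket: the list to hand to the proxy/firewall team."""
    return sorted({key.rsplit(":", 1)[0] for key in buckets.get("http-to-bare-ip", [])})


if __name__ == "__main__":
    buckets, hits = triage(parse_network(NETWORK_ROWS))
    for name, dests in buckets.items():
        print(f"{name:20} {', '.join(f'{d} (x{hits[d]})' for d in dests)}")
    print("block candidates:", block_candidates(buckets))
```

The hit counter matters when the same table is taken from a longer detonation: a bare-IP host polled at a steady interval is a stronger beaconing signal than a single connection.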

Files

memory/2320-0-0x0000000000D30000-0x00000000011DF000-memory.dmp

memory/2320-1-0x0000000077086000-0x0000000077088000-memory.dmp

memory/2320-2-0x0000000000D31000-0x0000000000D5F000-memory.dmp

memory/2320-3-0x0000000000D30000-0x00000000011DF000-memory.dmp

memory/2320-5-0x0000000000D30000-0x00000000011DF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 6c4ea5959222315f89ec2a4c31a79b42
SHA1 b0e03f4bb8f6cd1e0d35abe12e6a38f500b61c08
SHA256 03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39
SHA512 32697372fdde9adb6994838ff81d00b8e02d0e26ffb2feb8eaf366180bad7b7e0a22c8e92284680733ef1015b437144694793cdfc7791913b1a6f9771fe67695

memory/2320-17-0x0000000000D30000-0x00000000011DF000-memory.dmp

memory/3984-18-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-19-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-20-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-21-0x00000000008B0000-0x0000000000D5F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe

MD5 1323616c7b4228edd3735c144d4632c2
SHA1 34c45567ebdfcfeeb9d950aa527bf3bac2709a41
SHA256 96a32d13cd84073e06f1b0c27c7daf3192bbce58278fbf5c1270bcae4c0eba37
SHA512 d023ba0ec57b3a80fdba972c259b60f4f3779a0d9692317e3e009507b8adf9bb66b63aa09214677dd8294750d7e8d6250722b5687fcca1e9eb7da16718c6a079

memory/1516-37-0x0000000000F10000-0x0000000001B09000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe

MD5 08adf93a86b983edaee843e01f85fddb
SHA1 1647634a1bdf17e3944046992f03e52ccbbc9f7c
SHA256 1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e
SHA512 60d37930bf6845cea06eaa3d7a48b97d17ff2b24cc8725814b4aae9ce2de2fd5964e690489b8e9f9126bb57b685191bb922640a4d6c123d9749845075224ae0e

memory/1516-57-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_4688_MRQUMNGHSAXRRALC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040
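
Two of the dropped files listed so far deserve a second look. explorti.exe under %TEMP%\ad40971b6b\ carries the same SHA256 as the submitted sample, so it is the sample copying itself to a new location rather than a second stage, and any hash hunt for the sample will also find the copy. nss3.dll and mozglue.dll are Mozilla's own NSS libraries, which legitimately live in the Firefox installation directory; a copy in C:\ProgramData is the loader technique stealers such as Stealc and the Vidar family use to decrypt Firefox's saved logins with Firefox's own code. Because the DLLs are normally unmodified Mozilla binaries, a hash hunt on them would hit every Firefox install, so they have to be hunted by location. The Python below is an added example, not part of this report, that parses the file records, flags the self-copy, the NSS libraries outside their home directory and the numbered payload directories, and turns the result into a hunt list. The parser assumes the "ALGO hash" line layout used on this page, the SHA512 lines are omitted from the embedded input, and the NSS library list is a deliberately short assumption.

```python
import ntpath
import re

SAMPLE_SHA256 = "03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Dropped-file records from the Files section above, copied as constructed
# input. memory/*.dmp entries and the Chrome profile files are left out and
# the SHA512 lines are dropped for brevity; the named pipe is kept on purpose.
FILE_RECORDS = r"""
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
MD5 6c4ea5959222315f89ec2a4c31a79b42
SHA1 b0e03f4bb8f6cd1e0d35abe12e6a38f500b61c08
SHA256 03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39

C:\Users\Admin\AppData\Local\Temp\1000006001\66e1eb038f.exe
MD5 1323616c7b4228edd3735c144d4632c2
SHA1 34c45567ebdfcfeeb9d950aa527bf3bac2709a41
SHA256 96a32d13cd84073e06f1b0c27c7daf3192bbce58278fbf5c1270bcae4c0eba37

C:\Users\Admin\AppData\Local\Temp\1000007001\6450e5bfe4.exe
MD5 08adf93a86b983edaee843e01f85fddb
SHA1 1647634a1bdf17e3944046992f03e52ccbbc9f7c
SHA256 1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e

\??\pipe\crashpad_4688_MRQUMNGHSAXRRALC
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\ProgramData\nss3.dll
MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

C:\ProgramData\mozglue.dll
MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")
# Payload location seen in this report: %TEMP%\<10 digits>\<10 hex chars>.exe
PAYLOAD_DIR = re.compile(r"\\appdata\\local\\temp\\(\d{10})\\[0-9a-f]{10}\.exe$", re.I)
# Mozilla NSS libraries; a short list, extend as needed (assumption).
NSS_LIBS = {"nss3.dll", "mozglue.dll", "softokn3.dll", "freebl3.dll"}
FIREFOX_DIR = "\\mozilla firefox\\"   # where these DLLs legitimately live


def parse_files(text):
    """Group each 'path' line with the 'ALGO hex' lines that follow it."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
        elif not m:
            current = {"path": line}
            records.append(current)
    return records


def triage(records, sample_sha256=SAMPLE_SHA256):
    """(kind, path, note) for each record that tells the analyst something."""
    findings = []
    for rec in records:
        path, low = rec["path"], rec["path"].lower()
        sha = rec.get("sha256")
        if sha == EMPTY_SHA256:
            findings.append(("empty-object", path, "zero bytes (named pipe); nothing to hunt"))
            continue
        if sha == sample_sha256:
            findings.append(("self-copy", path, "byte-identical to the submitted sample"))
        if ntpath.basename(low) in NSS_LIBS and FIREFOX_DIR not in low:
            findings.append(("nss-outside-firefox", path,
                             "Firefox NSS library dropped outside its install dir"))
        m = PAYLOAD_DIR.search(low)
        if m:
            findings.append(("numbered-payload-dir", path,
                             f"downloaded payload under numbered dir {m.group(1)}"))
    return findings


def hunt_list(records, findings):
    """Hash hunts for the malware, path hunts for the (legitimate) NSS DLLs."""
    kind_of = {path: kind for kind, path, _ in findings}
    sha256, paths = set(), set()
    for rec in records:
        kind = kind_of.get(rec["path"])
        if kind in ("self-copy", "numbered-payload-dir"):
            sha256.add(rec["sha256"])
        elif kind == "nss-outside-firefox":
            paths.add(rec["path"])   # unmodified Mozilla bytes: a hash hunt would hit every Firefox
    return {"sha256": sorted(sha256), "paths": sorted(paths)}


if __name__ == "__main__":
    recs = parse_files(FILE_RECORDS)
    found = triage(recs)
    for kind, path, note in found:
        print(f"{kind:22} {path}\n{'':22} {note}")
    print(hunt_list(recs, found))
```

The empty-hash check is there because sandbox file lists routinely include pipes and zero-byte placeholders whose MD5/SHA256 are the well-known empty-input digests; pushing those into a blocklist matches every empty file on the estate.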

memory/3984-163-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/1516-177-0x0000000000F10000-0x0000000001B09000-memory.dmp

memory/4204-181-0x0000000000650000-0x0000000000AFF000-memory.dmp

memory/4204-183-0x0000000000650000-0x0000000000AFF000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 331fdfe68be82f2af166ade8e7986998
SHA1 6a6ef9652cf03d897e9f4df3bb3ad3a6b6dcaa25
SHA256 57e34989cde896dda5ba3c4e40d95c3696401c88a6be1b5c721759921c33d03d
SHA512 401426dbfe33b7f8e03b4927ee6f041ad2efdabd75780a6672f7e49ecb3b6df2d0f88579e1940ababd83f0bb354f2129a9d259c05ec5f362f1b1e0cb956cc317

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 28a6626c844325216823cb0ac3a76540
SHA1 ccc1d1d424225241c2d3fe3093670052d8439bde
SHA256 663ec7196388ec5258e768078105071558cf21305caa13f66500b683624f1b49
SHA512 481d98bc6fc5b053062f3de9a70fc28db47308163bffb578da8a69d67fa3c9f15bfcde264a2c218bce7f2790280cf1b447daa781f3531e548c126c471f2cfc0a

memory/3984-194-0x00000000008B0000-0x0000000000D5F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cee6ab314f075ed28bad980721d50a75
SHA1 badf160fbbcdb3f1a17d157c236576d0903104a3
SHA256 400b1ecfda4afc9a89fbed381db594a205faad01b96e267512711ce6d0c83547
SHA512 8569fd90013c8d0954c236856d53eef8c0ef173c3415ab0424dbde98bdc8ff6a4264ed367a34c1681e5113c7b394615ec957615d29fbb56288473501a2ce6ce3

memory/3984-200-0x00000000008B0000-0x0000000000D5F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 0b2041a646fafa5d417a5294ae8267f9
SHA1 3913e0425b792194bc0569498ff53ce4dcf09788
SHA256 497669ade42a65bf121dd401050b0123b8d1ef5a30681d781d5339d622a9fe60
SHA512 4a8df4279b15f98416ae5b4b8f55db16ca6ca53176d9c45a89a3ba00e1b0670ff5ef6130a4b29d680df355865272ab55d56d5848673b2774bd0f5ea149e3ead8

memory/3984-210-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-211-0x00000000008B0000-0x0000000000D5F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e5c1fa36135faa23d5785a87877b5a36
SHA1 d13b6e64693774442ad6cfb6ade19b9cbd42212e
SHA256 d24a3fc9c69f233f202a3ffc673b20b8350331099356278417e7070c243a6147
SHA512 f0fabcd486b5a8509623491c3f5dc4a6a9132d92ffe41070b436e7b12867e12f374fd8bba3e0ee2e605096c2868cf372c2ba5596f2baf1be5391cbc19d6c14f1

memory/3984-217-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-218-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-228-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/1848-230-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/1848-231-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-232-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-234-0x00000000008B0000-0x0000000000D5F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 adf2ae9816228ca2c6e46e9752f53b9b
SHA1 6cbff1ca0eb52606bd0fb79632b8c62677d89bde
SHA256 f3d4f018c2e7c962f3543752e826a3dbdaee583b285180cee7afb309680dd681
SHA512 6c93fc6b8951c013eb7456c4e00dd627d8f4c54e4e6b5665135e9cb5f44a64e086bb3633ba8f98bcfdadfd030ab7dfb1500eab68dec46a0ce81229eeba47a94e

memory/3984-249-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-250-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-251-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-252-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/1076-254-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/1076-255-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-256-0x00000000008B0000-0x0000000000D5F000-memory.dmp

memory/3984-262-0x00000000008B0000-0x0000000000D5F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3766fb1bd87829936603361e6d095147
SHA1 d80d6fb1fa1703f014b12b5ce623a6562d3fcc34
SHA256 6e21511128dd5d54531224802f9ebe3faab49f7bcb84ff5f9f1cf1e9ca447b85
SHA512 727bd3892382ff85e76c074839565bc89dd1dde33390e695ab9feaf3aed53a91313dd72e11a2c64cbd7ba8e6f1b6d82de94606dfed51d94fb4279104d9f5a1d2

memory/3984-272-0x00000000008B0000-0x0000000000D5F000-memory.dmp