Malware Analysis Report

2024-11-30 22:07

Sample ID 240704-cdeqaazgmd
Target bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe
SHA256 bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13
Tags
amadey stealc 4dd39d jony discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13

Threat Level: Known bad

The file bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d jony discovery evasion spyware stealer trojan

Amadey

Stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Checks BIOS information in registry

Reads user/profile data of web browsers

Identifies Wine through registry keys

Executes dropped EXE

Reads data files stored by FTP clients

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 01:57

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 01:57

Reported

2024-07-04 01:59

Platform

win7-20240611-en

Max time kernel

53s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 288 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe C:\Windows\SysWOW64\cmd.exe
PID 288 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe C:\Windows\SysWOW64\cmd.exe
PID 2448 wrote to memory of 2832 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe
PID 2832 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1016 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\eb9a95b85a.exe
PID 1016 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe
PID 972 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1828 wrote to memory of 912 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1828 wrote to memory of 896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe

"C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe"

C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe

"C:\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\eb9a95b85a.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\eb9a95b85a.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7479758,0x7fef7479768,0x7fef7479778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1376,i,2690698493339739214,2464881701218696937,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1376,i,2690698493339739214,2464881701218696937,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1376,i,2690698493339739214,2464881701218696937,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1376,i,2690698493339739214,2464881701218696937,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1376,i,2690698493339739214,2464881701218696937,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3212 --field-trial-handle=1376,i,2690698493339739214,2464881701218696937,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1376,i,2690698493339739214,2464881701218696937,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 --field-trial-handle=1376,i,2690698493339739214,2464881701218696937,131072 /prefetch:8

Network


Files

\ProgramData\nss3.dll

\ProgramData\mozglue.dll

\Users\Admin\AppData\Local\Temp\KECBGCGCGI.exe

C:\Users\Admin\AppData\Local\Temp\1000006001\eb9a95b85a.exe

C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe

\??\pipe\crashpad_1828_EAKOCDTNYGTKEEBK

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Analysis: behavioral2

Detonation Overview

Submitted 2024-07-04 01:57

Reported 2024-07-04 01:59

Platform win10v2004-20240611-en

Max time kernel 149s

Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645318674119875" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3112 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe C:\Windows\SysWOW64\cmd.exe
PID 3112 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe C:\Windows\SysWOW64\cmd.exe
PID 3960 wrote to memory of 4528 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe
PID 4528 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 644 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe
PID 1940 wrote to memory of 3424 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 4092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 4092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3424 wrote to memory of 3820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe

"C:\Users\Admin\AppData\Local\Temp\bf5ba13df7f7549e987f77091823fd0f77ba7fd4514000e60ad9a4c28f949c13.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FIIJJKKFHI.exe"

C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe

"C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0a78ab58,0x7ffe0a78ab68,0x7ffe0a78ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 --field-trial-handle=1912,i,2467652216331737151,11400500316938559479,131072 /prefetch:2

Network

Country Destination Domain Proto
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 4.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com tcp
GB 142.250.178.14:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
GB 216.58.212.206:443 consent.youtube.com udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
GB 216.58.212.206:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

memory/3112-0-0x0000000000D90000-0x000000000196F000-memory.dmp

memory/3112-1-0x000000007F2E0000-0x000000007F6B1000-memory.dmp

memory/3112-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/3112-78-0x000000007F2E0000-0x000000007F6B1000-memory.dmp

memory/3112-77-0x0000000000D90000-0x000000000196F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\EBKJDBAAKJ.exe

MD5 6c4ea5959222315f89ec2a4c31a79b42
SHA1 b0e03f4bb8f6cd1e0d35abe12e6a38f500b61c08
SHA256 03a7ad5cb5baeb292c5a521a57912ebe7f5541e0f18a9c77664d861bea822f39
SHA512 32697372fdde9adb6994838ff81d00b8e02d0e26ffb2feb8eaf366180bad7b7e0a22c8e92284680733ef1015b437144694793cdfc7791913b1a6f9771fe67695

memory/4528-82-0x0000000000BC0000-0x000000000106F000-memory.dmp

memory/4528-95-0x0000000000BC0000-0x000000000106F000-memory.dmp

memory/644-96-0x00000000002B0000-0x000000000075F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\880f763fff.exe

MD5 08adf93a86b983edaee843e01f85fddb
SHA1 1647634a1bdf17e3944046992f03e52ccbbc9f7c
SHA256 1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e
SHA512 60d37930bf6845cea06eaa3d7a48b97d17ff2b24cc8725814b4aae9ce2de2fd5964e690489b8e9f9126bb57b685191bb922640a4d6c123d9749845075224ae0e

\??\pipe\crashpad_3424_CNRYVRVQGZHTMJRW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/644-165-0x00000000002B0000-0x000000000075F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a9e37c21cc0ca548b2b8394f39605d1d
SHA1 b40cc6cc071f857d1c343a4ade50876a800f7842
SHA256 0faf59614fea47c7a33c74f352ccea10cda4fb8cbe4a68c9678161f5d108b7ed
SHA512 38b6bc5088287c43d4f545467b7c5aeac43a1a7e91b11e88e699f5dff86c292c32690cdb6173c48372b5e09d27e4922bb15b1b9e29cea7835daf843f2e4bff91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b93e5423faf80e4de9793c37cad04d79
SHA1 07450dc8375d47b7759e39b115d7304ab39fbb60
SHA256 0919504ac9409aff83d2d9a5aeb86c9b9bbed18405e2b6eec309824ee24d3a16
SHA512 ba70b6e3c8d5103c7cb756ce011b3ae9871492f3e0696b43f4be7a5248695804d4f40c157ceca5f38bf250e88b0227974803b8c2aa302bfe41148a5771e3026f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bfa302c0eb8a63b0f6b0604ed1763b78
SHA1 aa7f8bb27fe6d12c4415fe9e5ec0ac4dc02d5222
SHA256 4c1b9602fb529c2d99048c3e8f307a7993dbfeafe783c5758b75f2b5719749a5
SHA512 c54f22ca060e76790bf84770f22207f1ece14e03e381ca8b1ff9ef8e3639f013c9bb5f19b780ed860c29b4e94028ff06caf07a6e0b97901d435c644be3bd4f95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 b83ab8270ae8b955e0ea40b85832ee37
SHA1 61f29fe9bdde7ad6545b7ba8cdac1e60a61f702f
SHA256 a8c308f61397477cc83873e89fa2db72da7ceb712d54f1abcc035e97f7217689
SHA512 4b5c1c2dca90c833c74e4fc599992cc97d42c20665e8eedeba4ac615e302aa1ad58605e0588779d870cf30e3bdf4f60a04427a2da1e1a7327106b141198086f5

memory/644-190-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/2384-192-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/2384-194-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-195-0x00000000002B0000-0x000000000075F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cb5a4ae6cc9cf7f736f00e55ef7044c7
SHA1 bf92de411a04a4148a1cf0e8253ded4420d5b418
SHA256 23ab3c6fde2170d0123eb4278cfbe6780dfcc9b76aa60d08805b146e4adf0ecf
SHA512 b1cd498ff589563586367bcb5f15824012425f1e1ca7249e7badba2d9a89a80f00ffd97436fd05c2d53733ac8819955e211e9130da1c7e96a4944b7253fffbb4

memory/644-201-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-202-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-212-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-213-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-215-0x00000000002B0000-0x000000000075F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fcdf2f610dd6641766d3c30dd679e200
SHA1 d6c6bd9297da145d599f8e0175577033718b8317
SHA256 89609d26f4aca4c29e62634476e732ef3fb25f9b1566f30adae6115f601c85a9
SHA512 66cda3df354cfa03dfefd84a32c4163413f2aeb8f3cc3ca1e36de3f51a0e4e7bb17f894163f92d717d60dc78e5eb2719cc2112869dfe8c995afefacb69d3e17c

memory/644-230-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/4224-232-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/4224-234-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-235-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-236-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-237-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-238-0x00000000002B0000-0x000000000075F000-memory.dmp

memory/644-244-0x00000000002B0000-0x000000000075F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 34769a0083e4a61dd67f277e044cb238
SHA1 4bff89cd589e4be3b8dceac27e9a2762ab1a6b99
SHA256 7c3929467308d618c57b0633f03d6caf776045ed66c06faa88c3a52c4bac256d
SHA512 35a4ec9763359f0668bdfacfc860e43caf2ca22bbd36bab3dcdc2d38da00f26c915600dae23a648c8d3e90b90b01b1fe48e8fed723501b7434cef4e2c1f0ba59