Malware Analysis Report

2024-11-30 22:05

Sample ID 240704-es3rrswcje
Target file.exe
SHA256 9023777f5529c209b55ac61d14e2a7f978491d14df51268b49d947010f46376d
Tags
stealc jony stealer amadey 4dd39d discovery evasion spyware trojan
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

9023777f5529c209b55ac61d14e2a7f978491d14df51268b49d947010f46376d

Threat Level: Known bad

The file file.exe was found to be: Known bad.

Malicious Activity Summary

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Checks BIOS information in registry

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Identifies Wine through registry keys

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 04:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 04:13

Reported

2024-07-04 04:15

Platform

win7-20240508-en

Max time kernel

147s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\file.exe

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Network

Country Destination Domain Proto Count
RU 85.28.47.4:80 N/A tcp 8

Files

memory/1640-0-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

memory/1640-2-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-4-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-3-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-5-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

memory/1640-6-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-7-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-8-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-9-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-10-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-11-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-12-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-13-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-14-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-15-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-16-0x00000000009D0000-0x00000000015B7000-memory.dmp

memory/1640-17-0x00000000009D0000-0x00000000015B7000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 04:13

Reported

2024-07-04 04:15

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\file.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target Count
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe N/A 1
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A 3

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target Count
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A 3
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A 3
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe N/A 1
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe N/A 1

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\file.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target Count
Key opened \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A 3
Key opened \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe N/A 1
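The three evasion signatures above (VirtualBox ACPI table, BIOS version strings, Wine key) are all registry reads by the dropped loader and by explorti.exe. The script below is an added example for this report, not the sandbox's own logic: it parses rows in the page's own "Description Indicator Process" layout, rewrites the kernel object paths into the HKLM/HKU form that EDR and ETW registry telemetry use, and tags each process with the checks it performed. The sample rows are a constructed subset copied from the tables above; the extra ACPI table names (FADT, RSDT) in the VirtualBox pattern are an assumption added for generality and were not observed for this sample. One caveat for detection engineers: every event here is a key open or value read, and Sysmon's registry events (IDs 12, 13, 14) only record create, delete, set and rename, so catching this on a production host needs a source that records reads (kernel registry ETW or an EDR that exposes it), not Sysmon alone.

```python
"""Tag the sandbox's registry reads as anti-analysis checks.

Added example for this report; it is not the sandbox's own logic. The rows
in SANDBOX_EVENTS are copied from the behavioral2 tables (constructed
subset). The categories mirror the three evasion signatures on the page;
the extra ACPI table names (FADT, RSDT) in the VirtualBox pattern are the
editor's generalisation and were not observed for this sample.
"""
import re
from collections import defaultdict

# Constructed from "Key opened" / "Key value queried" rows on the page.
SANDBOX_EVENTS = [
    r"Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe",
    r"Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe",
    r"Key opened \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe",
    r"Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\file.exe",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe",
]

# Row layout on the page: <Description> <Indicator> <Process>. The indicator
# may contain spaces ("Control Panel"), so the non-greedy group stops at the
# first " C:\" that begins the process path.
ROW_RE = re.compile(r"^(Key opened|Key value queried|Key created)\s+(\\REGISTRY\\.+?)\s+(C:\\.+)$")

# Kernel object path prefixes -> the hive names used by most telemetry feeds.
HIVES = (
    (re.compile(r"^\\REGISTRY\\MACHINE\\", re.I), "HKLM\\"),
    (re.compile(r"^\\REGISTRY\\USER\\", re.I), "HKU\\"),
)


def to_hive_path(indicator):
    """Rewrite \\REGISTRY\\MACHINE\\... to HKLM\\... and \\REGISTRY\\USER\\... to HKU\\..."""
    for pat, prefix in HIVES:
        m = pat.match(indicator)
        if m:
            return prefix + indicator[m.end():]
    return indicator


EVASION_PATTERNS = {
    # VirtualBox stamps its OEM id into the ACPI tables it exposes to the guest.
    # DSDT is what this sample checked; FADT/RSDT are the editor's addition.
    "virtualbox_acpi": re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__$", re.I),
    # Firmware version strings that stealers compare against hypervisor vendor names.
    "bios_version": re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I),
    # Wine creates this key in the user hive; a real Windows install does not.
    "wine": re.compile(r"^HKU\\S-[\d-]+\\Software\\Wine$", re.I),
}


def parse_event(row):
    """Split one report row into (description, normalised key path, process image)."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    return m.group(1), to_hive_path(m.group(2)), m.group(3)


def classify(rows):
    """Return {process: {category, ...}} for every process that hit at least one pattern."""
    hits = defaultdict(set)
    for row in rows:
        _, path, process = parse_event(row)
        for name, pat in EVASION_PATTERNS.items():
            if pat.match(path):
                hits[process].add(name)
    return dict(hits)


if __name__ == "__main__":
    for process, cats in classify(SANDBOX_EVENTS).items():
        print(f"{process}: {', '.join(sorted(cats))}")
```

Run as-is it lists CGDHIEGCFH.exe with all three categories and explorti.exe with the VirtualBox and BIOS checks; file.exe (Geo\Nation lookup) and chrome.exe (BIOS\SystemManufacturer) match nothing, which is the intended separation between locale/hardware inventory reads and the anti-VM checks.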

Loads dropped DLL

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A 2

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\file.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\file.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645400108756250" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 3

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe N/A 36
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 27

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe N/A 36
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\file.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\8faa7c5058.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 672 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 672 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 672 wrote to memory of 4740 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 672 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 672 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 672 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\file.exe C:\Windows\SysWOW64\cmd.exe
PID 4740 wrote to memory of 5052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe
PID 4740 wrote to memory of 5052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe
PID 4740 wrote to memory of 5052 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe
PID 5052 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 5052 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 5052 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3264 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\8faa7c5058.exe
PID 3264 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\8faa7c5058.exe
PID 3264 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\8faa7c5058.exe
PID 3264 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe
PID 3264 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe
PID 3264 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe
PID 4992 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4992 wrote to memory of 4344 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 1136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 4692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4344 wrote to memory of 4704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\file.exe

"C:\Users\Admin\AppData\Local\Temp\file.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IDBGHDGHCG.exe"

C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe

"C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\8faa7c5058.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\8faa7c5058.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5b5fab58,0x7ffa5b5fab68,0x7ffa5b5fab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2476 --field-trial-handle=1928,i,15375534458780900410,18110123202217391851,131072 /prefetch:2

Network

Country Destination Domain Proto
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 4.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 216.58.212.206:443 consent.youtube.com udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
GB 216.58.212.206:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.38.117:443 beacons2.gvt2.com tcp
US 216.239.38.117:443 beacons2.gvt2.com udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 117.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

memory/672-0-0x0000000000E00000-0x00000000019E7000-memory.dmp

memory/672-1-0x000000007F690000-0x000000007FA61000-memory.dmp

memory/672-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/672-78-0x000000007F690000-0x000000007FA61000-memory.dmp

memory/672-77-0x0000000000E00000-0x00000000019E7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CGDHIEGCFH.exe

MD5 182206467665f105bbd7f5255c35979a
SHA1 7f38f0b0b602c496d7d37a5324ca9f1f598d0ca1
SHA256 4deb7b1193ed389f36eb6d50cb7ae3c046e5244cf07f5e9e9864f23843ac8722
SHA512 de14bbd4eaaa676e6975db7530dd49d272d67d558583476705043ad9c34742f0620d583224ab92b2f02d3323b669a245e1de966709a5da4281ba77b6bf001039

memory/5052-82-0x00000000007E0000-0x0000000000CA5000-memory.dmp

memory/3264-96-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/5052-95-0x00000000007E0000-0x0000000000CA5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\8faa7c5058.exe

MD5 f19adb4ea42ab4e1cfe99d50a00956e3
SHA1 5da5eb1c673010c0b9999c4943999696ecbcdc9d
SHA256 9023777f5529c209b55ac61d14e2a7f978491d14df51268b49d947010f46376d
SHA512 6583ef56e91d3fb02d75d5cdf1cfd47d543edbefd5c311f1e6ddfb800c943a4504ab0f747829a75dd98a2c8831e010504f1104d115359a3a8848b1645c57ad41

memory/884-112-0x0000000000A30000-0x0000000001617000-memory.dmp

memory/884-113-0x0000000000A30000-0x0000000001617000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\f6960dbf9a.exe

MD5 1384585001b55b9842fc692df60fd820
SHA1 27f51daf47fde62f91e046a84f5a61f168a86aa6
SHA256 cf80e9ec3a6709539ebc8bf755aaaca6621e8b0cc0495c822282896135797f59
SHA512 83011889d18e5fea6381dd7aee3e68ebbdf904f0e660f1cdb47ac74cb5212d8dd7a884a9b2852c3a998cf5e65709f677532e1c120e0ee63e3add12c518e4a128

\??\pipe\crashpad_4344_DDKVEIGFIWQSZAFC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/3264-182-0x0000000000990000-0x0000000000E55000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ad8832f370c76caac29fa6388d25793f
SHA1 1e44957897f4eea005d41c397824b88d6942c5c6
SHA256 6e6957573de552a9d59f5a03971169bf719922cd7940ab150fa68c49a0104027
SHA512 9e77a35e3b6e046be5af9f370e1234abd9ede9625f2a1014465958c0660c584d22490de53c1455847ee5a3da50db5832916436aa145c77bcf7cc6cb26f32f967

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b9184d8b97039f1dff00345722e7517
SHA1 e9d6ca9c502fc01cb9f51333911197b3b01b1656
SHA256 35c4a119e870d8eac1ce83f8b5a87a5a6062cf9276b2cf63588282edb84c5834
SHA512 be9ce000275046c5e58956624fd1ce6bb2487c9b6fba9766c3c52f48fee7236b744507862a3d8e86a8e48f572b692393929e60bbcb88c2f92e76cd29591114dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c0cf1e629bfb468b60313bd3133de1a0
SHA1 0478f8b4703a050e4c044f6ae50961f359bb4772
SHA256 981c39b9094e10167b4c5665f9587564cd7967c95504b9ca260d98009eddc862
SHA512 b2f16b51aee3f4a9e2cf5296a8c2b863bf856104b08e497ac46d06e4bddd461bf72ffb780b6ab2e47309ee20a4b55a507e370196420ef9ea4b871cb1e32a23ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 5375563e38e2b6fc973a6350ccff3982
SHA1 e573827e948b7118960150538b949b8aa3f3acfe
SHA256 ef61418dbbe82efd98054e22234529eeeecb11c91cfb80a911c486cc584b119f
SHA512 084112116f3b739eac9cb6253bc86d39701ff39a6df824095aaccf2998b5cd58dd1eeaf0b60c408e82601e043de447c2f0482482c3e61af0e555c00c52db263b

memory/3264-207-0x0000000000990000-0x0000000000E55000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cd05f376271f8fd660c7b275eaeea21e
SHA1 eb2054c9f2a30385d164b044a186a00d2c2d2167
SHA256 fe8ee540b6e4fde9690e022fbeb1d173f079de192d1cab1c7bbd68ad1569ac3c
SHA512 1e92c2a0e4eb9e55b0b0b858e1fd86973ccb0cd0934339de751642697b9ee79e5a6f8f6a87c703bfac2362aaa0f1710d5771f4ad9308e23ffce33ae824f63b90

memory/3264-213-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/876-215-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/876-217-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-218-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-228-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-229-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-231-0x0000000000990000-0x0000000000E55000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 26543b4995c8c201fea6ce9a5d74c328
SHA1 66a37f766b4b434348d4fb9ad88add4cc0825d9f
SHA256 52c6314ec43363efd5561271db19ba5f23dbabae2d9e3de592a149ad5438a68f
SHA512 ec6d8a2d9e44bbb765486b47b3a7b93d2fea1e0773a6ad1cb4b3d27910c32ed30a79848d483c5bfa0d6f3242061808b5e14572c77f7de5670472048d1ab71e78

memory/3264-246-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-247-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3788-249-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3788-250-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-251-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-252-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-253-0x0000000000990000-0x0000000000E55000-memory.dmp

memory/3264-259-0x0000000000990000-0x0000000000E55000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1b0519a06061b02e6a654be9b51e274e
SHA1 00493418d923a49e5d125d45f79a6ba6619930db
SHA256 038343ae210756107545a83560243a51ef751c70048ffd83701c245ddbedd562
SHA512 a9da9a8b491de0e50179b3dfd56cb0ec9f201f56d3fb9e83c7ea0141a7f7da486ad79fb255847601c1f7fe4c8cf6dd87abc8cbd764c39a51f4cb79de165ef1e2