Malware Analysis Report

2024-11-30 22:07

Sample ID: 240704-f5bpgsyeqc
Target: 2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe
SHA256: 2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe
Tags: amadey 4dd39d evasion trojan stealc jony discovery spyware stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe

Threat Level: Known bad

The file 2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe was found to be: Known bad.

Malicious Activity Summary

amadey 4dd39d evasion trojan stealc jony discovery spyware stealer

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks BIOS information in registry

Executes dropped EXE

Checks computer location settings

Identifies Wine through registry keys

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-04 05:26

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-04 05:26
Reported: 2024-07-04 05:29
Platform: win10v2004-20240508-en
Max time kernel: 144s
Max time network: 63s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe"

Signatures

Amadey

trojan amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe

"C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
RU | 77.91.77.82:80 | | tcp
RU | 77.91.77.82:80 | | tcp

Files

memory/2452-0-0x00000000009C0000-0x0000000000E6E000-memory.dmp

memory/2452-1-0x00000000777C4000-0x00000000777C6000-memory.dmp

memory/2452-2-0x00000000009C1000-0x00000000009EF000-memory.dmp

memory/2452-3-0x00000000009C0000-0x0000000000E6E000-memory.dmp

memory/2452-5-0x00000000009C0000-0x0000000000E6E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 a5e4d4ed37b4d17d556dd8a4bc8a97cd
SHA1 15bc076d18b1ea36ca4e9780ee79b02ef6164e8b
SHA256 2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe
SHA512 188b905d8dac3efda35e1aec0fa2d2d85a9da6d2d7992424da16fa95f61e23fcb454d57c9b905144899786e273a69633fddb656e1afa9429e3fa9995ab0b721c

memory/2452-17-0x00000000009C0000-0x0000000000E6E000-memory.dmp

memory/4224-18-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-19-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-20-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/1836-22-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/1836-23-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/1836-24-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-25-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/1836-26-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-27-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-28-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-29-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-30-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-31-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-32-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-33-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-34-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-35-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/5108-38-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-37-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/5108-39-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-40-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-41-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-42-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-43-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-44-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-46-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4996-47-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4996-48-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-49-0x0000000000560000-0x0000000000A0E000-memory.dmp

memory/4224-50-0x0000000000560000-0x0000000000A0E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-07-04 05:26
Reported: 2024-07-04 05:29
Platform: win11-20240419-en
Max time kernel: 149s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645444314545557" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe | N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4048 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4048 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4048 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1436 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe
PID 1436 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe
PID 1436 wrote to memory of 3768 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe
PID 1436 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe
PID 1436 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe
PID 1436 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe
PID 1460 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1460 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 3624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4964 wrote to memory of 2468 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe

"C:\Users\Admin\AppData\Local\Temp\2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8fa8cc40,0x7ffa8fa8cc4c,0x7ffa8fa8cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,15759991177602703350,2255419075958725567,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1808 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,15759991177602703350,2255419075958725567,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,15759991177602703350,2255419075958725567,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,15759991177602703350,2255419075958725567,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,15759991177602703350,2255419075958725567,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,15759991177602703350,2255419075958725567,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4572 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4512,i,15759991177602703350,2255419075958725567,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4644 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BFCFBFBFBK.exe"

C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe

"C:\Users\Admin\AppData\Local\Temp\KFCAFIIDHI.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4772,i,15759991177602703350,2255419075958725567,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4700 /prefetch:8

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
GB 216.58.201.110:443 www.youtube.com tcp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.212.206:443 consent.youtube.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 216.58.212.206:443 consent.youtube.com udp

Files

memory/4048-0-0x0000000000810000-0x0000000000CBE000-memory.dmp

memory/4048-1-0x0000000077236000-0x0000000077238000-memory.dmp

memory/4048-2-0x0000000000811000-0x000000000083F000-memory.dmp

memory/4048-3-0x0000000000810000-0x0000000000CBE000-memory.dmp

memory/4048-5-0x0000000000810000-0x0000000000CBE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 a5e4d4ed37b4d17d556dd8a4bc8a97cd
SHA1 15bc076d18b1ea36ca4e9780ee79b02ef6164e8b
SHA256 2e52551c053b0fa2ed76a0e247f6c5d9bd7e31c4d13d0647a44ce3d7441f77fe
SHA512 188b905d8dac3efda35e1aec0fa2d2d85a9da6d2d7992424da16fa95f61e23fcb454d57c9b905144899786e273a69633fddb656e1afa9429e3fa9995ab0b721c

memory/4048-18-0x0000000000810000-0x0000000000CBE000-memory.dmp

memory/1436-16-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-19-0x0000000000271000-0x000000000029F000-memory.dmp

memory/1436-20-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1172-22-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1172-23-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1172-24-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-25-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1172-26-0x0000000000270000-0x000000000071E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\1f58be129f.exe

MD5 f19adb4ea42ab4e1cfe99d50a00956e3
SHA1 5da5eb1c673010c0b9999c4943999696ecbcdc9d
SHA256 9023777f5529c209b55ac61d14e2a7f978491d14df51268b49d947010f46376d
SHA512 6583ef56e91d3fb02d75d5cdf1cfd47d543edbefd5c311f1e6ddfb800c943a4504ab0f747829a75dd98a2c8831e010504f1104d115359a3a8848b1645c57ad41

memory/3768-42-0x00000000005F0000-0x00000000011D7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\591fafbca7.exe

MD5 e2c5fed5716959104ff405ee1de52b50
SHA1 66a19705fba1695a5b282d5385eb9906d12b9cbf
SHA256 d016f01ae94eca2d48e7a9070e6646e2fe0381ca7e2a6e37a8e485d8709f6fbb
SHA512 9eb04dab592f70fe9a6cfd49f5eca51a62e9a1ad2ba76442248a2fadaace41a3345a9cd8ceff29352fcc744199d173fe70006b34525dfde2d5d68cdbc3b7d614

memory/3768-52-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_4964_FJPUUSADACGIGUYZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/1436-145-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-146-0x0000000000270000-0x000000000071E000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 866792e1ea3c50a3715b6f6176aa5338
SHA1 75d36ff74f511bf72d28ff20a4a281498f67aec5
SHA256 7a84e8314567992fac147fa25df1cd3b5721d21657d88463bce8fef8f1f0b0ab
SHA512 191410e9f9ed95adefb076fd47aa3bfdae50712f779fd2a389528575024611dd34b78d56939ecde2b1f627d87f3d17b671bf3942120e8344f76d306ba2c7762e

memory/3768-183-0x00000000005F0000-0x00000000011D7000-memory.dmp

memory/244-188-0x0000000000050000-0x00000000004FE000-memory.dmp

memory/1436-187-0x0000000000270000-0x000000000071E000-memory.dmp

memory/244-190-0x0000000000050000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1bedc4e91c5af005b43e938faaec52bd
SHA1 554f2daee4212ec3f49c7324499dbb1ae7870657
SHA256 34376d10ebf2bdb65b22311361a89e191b417f42a06a0199b27e27bd5292a821
SHA512 ccad8608ddca7fbfa001fa776db4c94b42311917b2fa84dd6a434ea28006c48152ee97d9a44df8a7942ca88d0ce068dca1dfc152fa0081d5e132beeeecae2715

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 14abcc23e12e72e6307660c3d55682f3
SHA1 2b4ad77bfb5052cc4dc807b6801ab18ac908ca51
SHA256 9fc1231283158665f167374da72710b66f8f1a5a92825d2a6717a500a716f0cf
SHA512 a7efb76c2128344a8441551877832e5ba516053a2c6e1d3c91ba3fd0444c8370504a9b52e4729aa6e782cb60d594957126f311ed60d60c62b2f5f502be16cca3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3bc3677aef0830c29108defd5d916009
SHA1 f5e4248a2a856f7bb60cfee101797dd690eb4444
SHA256 8f558156f19db0ccb1ba3695de21ce1fe834fa227f78217b4b71b255837af262
SHA512 6438c0e890de2ce20fbe2d5ba92fc7c161ba154e6bfcd69ff7e3b35dedada3420a1c5cc86ddb54ca42c7fa84302b59d66cd90457775c98cfad90b2d715fed772

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d658e5a5-2f8a-438f-9fc4-db4326937e05.tmp

MD5 a6c8f0c39c0b03d9c002c1122b57ba14
SHA1 94ed4384d994c35d650080e53db2cd625b8ddfe4
SHA256 2f193b4af2c6d43d7d8b968ba3647dea98e499da9facb24e63530bc11c16c374
SHA512 ae9ce4bd1f5eff134bfa68bdd68921160254d5cf8896e2552655917cebdd8b740cf6aa7c9163336a083bf91a1012cc870dd2f1ce3b2aa7908678a2883227ec0b

memory/1436-211-0x0000000000270000-0x000000000071E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7e05fc174066df169714f7bf91c91101
SHA1 35c60ce4ab528bc770861795a35517ca3cface00
SHA256 2b9a1cc2c3575050c641c4aae90ce7a8036e2f2e629f4df15e867a95ea31390e
SHA512 28ba8d76734f29c5d05e61fddf44a2dac983ccc31f72402cf82878acce2af5211ff33f97a912b360ed563514468f5cd006482c8151d83a2d6b2081ba2cd13fdc

memory/1436-217-0x0000000000270000-0x000000000071E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3625453aabeb5b8a4d47b5a248504e76
SHA1 7f4c5bdb32e170913222d1aab26914972c0e442b
SHA256 d79ece3f6f1ab582ec6c7836a9a20b6fb99cad6afc9ce639f9b23e42bcc738b8
SHA512 fb753ec916dd7bff24dd3495bd41ff580ebacb2d227d1b44736f9aaa6c428e87638d4aa65ccd783764ff52f5f4da6e777d0a23c7e60bed4043e62d00107f1e30

memory/1436-227-0x0000000000270000-0x000000000071E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1f27b5408e1f8528854d4c181455ddb5
SHA1 07f66074f9bc6c6f4d5bf56d347710901357c77a
SHA256 098f1f4ba9487431ae9af8b0faf56c095bd11d7f8461e65c624781712b24a8b7
SHA512 64c4413d876e1204f6e8cc4fdcd2efef0575536ecb40f13bbe636aa1baf83d20f0135db71792318cfa88fcb60f04ab6aa8bf1783a41a88ede633fca066e036f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e0ad075d-fc3f-4c45-bfff-5632a1610209.tmp

MD5 0d35402a3cc97e0f4cdd04da645cefe1
SHA1 a0fde2562fe72ad0e1fcfe42a8a89e3eed1fe88a
SHA256 d691c5a7cb14c0db53573f03f9ca8f307a38ea02495fddcb851ce3ae2ba86a4e
SHA512 f18f433f256ce44338dd494a10e008442f6aa45d7afb29679173ccf3b7ee0e7abf4fc2a717a9edb4be96198d665acae9ec102eb7d63dc7192d012fe0cfcbbd58

memory/1436-246-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-247-0x0000000000270000-0x000000000071E000-memory.dmp

memory/5100-249-0x0000000000270000-0x000000000071E000-memory.dmp

memory/5100-250-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-252-0x0000000000270000-0x000000000071E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 85e4b50ca6646e02730790334b08ce64
SHA1 41cc2f5a1e03eed93c5a4dbebc1bd1b135230cc5
SHA256 7178d0084e2761189da7987cd5a51b194ec9dfbc3c3a02428494eb0536cbd8d0
SHA512 78bc4111a72cdb708862e1cf1d1fe1bc94fc0b4ed35739ef5f4f5713963293455493283a6c3adc91ea8d732d2e4f666df16975d11046c31c0381a0cadea1583f

memory/1436-267-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-268-0x0000000000270000-0x000000000071E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 70c54c2cd9db39172e96bff76058a26a
SHA1 bd1144c2d8c6167a7c216152fcdd9520036b98c6
SHA256 5cc348cd461dda8a838bbe5d1fcd1040cfd9ac690fc8b63d26eaef1f9dd7bd09
SHA512 aa1fa299fbc21d955ef3257940757cc4ad6f9c44b8971d44ae834ec498dda9fae0a551303f7d68f40092dfb2a9adc35f1718f32686a64ca3587509c43f52e168

memory/1436-278-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-279-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-280-0x0000000000270000-0x000000000071E000-memory.dmp

memory/700-282-0x0000000000270000-0x000000000071E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 506b8f9bf6978034ec5fe73dbb4bf0c6
SHA1 9881564745efdee3e0fc5cc9421c774dc7ae142c
SHA256 2347713c96a22347d485fff8e6ff39133612004cfabda77eea8655c308564772
SHA512 91a188d4442716b951e08d00867eb5c0d39352c1ed44134bc77ce3d0285874824ae5c8f49b2afa8b3b37ba27c801086ba35b35bf3abd73bdcc07e8f0f20c18f2

memory/700-292-0x0000000000270000-0x000000000071E000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

memory/1436-309-0x0000000000270000-0x000000000071E000-memory.dmp

memory/1436-310-0x0000000000270000-0x000000000071E000-memory.dmp