Malware Analysis Report

2024-11-30 22:05

Sample ID 240704-hqpznszaqp
Target 449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4
SHA256 449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4
Tags
amadey stealc 4dd39d jony discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4

Threat Level: Known bad

The file 449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4 was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d jony discovery evasion spyware stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Reads user/profile data of web browsers

Executes dropped EXE

Identifies Wine through registry keys

Reads data files stored by FTP clients

Loads dropped DLL

Checks BIOS information in registry

Checks computer location settings

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 06:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 06:56

Reported

2024-07-04 06:59

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ECGHCBGCBF.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ECGHCBGCBF.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ECGHCBGCBF.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000007001\7f8c959be2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ECGHCBGCBF.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645498207687207" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ECGHCBGCBF.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7f8c959be2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7f8c959be2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4608 wrote to memory of 3220 N/A C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3220 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe
PID 3220 wrote to memory of 3268 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\7f8c959be2.exe
PID 3268 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7f8c959be2.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 2272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 3248 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 4372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2276 wrote to memory of 1220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe

"C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\7f8c959be2.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\7f8c959be2.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91812ab58,0x7ff91812ab68,0x7ff91812ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2080 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\ECGHCBGCBF.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KJEGCFBGDH.exe"

C:\Users\Admin\AppData\Local\Temp\ECGHCBGCBF.exe

"C:\Users\Admin\AppData\Local\Temp\ECGHCBGCBF.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 --field-trial-handle=2060,i,3284794316113043902,3971954504111644438,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 26d4679603dd85192173f94a939bd1ca
SHA1 73d299766f97ec58c3edfeb192ac2797d3577af2
SHA256 449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4
SHA512 9f027f8f4df51dea06f006f7bdc4991f5012ff299f5d332668fada1fae632477cefdf9456e0531a1b9b8c02114db45fbb78d95dc3e7b9e5b6013213749bdc224

C:\Users\Admin\AppData\Local\Temp\1000006001\b32ceff9b1.exe

MD5 f19adb4ea42ab4e1cfe99d50a00956e3
SHA1 5da5eb1c673010c0b9999c4943999696ecbcdc9d
SHA256 9023777f5529c209b55ac61d14e2a7f978491d14df51268b49d947010f46376d
SHA512 6583ef56e91d3fb02d75d5cdf1cfd47d543edbefd5c311f1e6ddfb800c943a4504ab0f747829a75dd98a2c8831e010504f1104d115359a3a8848b1645c57ad41

C:\Users\Admin\AppData\Local\Temp\1000007001\7f8c959be2.exe

MD5 774c675ca5538a3aecbb5248e2c309b1
SHA1 01bee062047192fae4a1cafadc1cac61c825473c
SHA256 e35b613792fa2b43be28182c09cfa9e4b4cafc92cc48adb8c03c77ad656eab63
SHA512 7fedbe5ed8948844dd8f3fa719d6a210a82cf6d5cdda9fb42b0a1925ca9eb8efaadd77b429fe97181795c7eff16cbfaf2889c26074e5ea36975398051ed0383f

\??\pipe\crashpad_2276_BOKXHPMTCIQGJSVC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2ed98134a634456bbb03a005f615eebb
SHA1 cdcebdd7b317c9234d4f9812de570c2bf5a49fa6
SHA256 ac8e66f429b99b64c605de99c5cc9763bc2889952e643d47d63fbf1480e0a3bf
SHA512 6cca34ed2da14bb5c4f0a0880b0e12b8830d2b495fd47b49c7212dd2d2b54699460c8d54b8025f5c8951f93eeca6dc82507a7c014923c1b8d05ca5e13b36fb7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db4459de62d9837bc779f53eb5c10fa2
SHA1 ce63fab116f3b614da118b68f69abb6a7648d5c8
SHA256 02e1d3d6e2c57f777639e0eb9014bdc48a07a195d6a45e8b46af34e0769ceb90
SHA512 39222229b6dfddc97ad722fe5a40946739ad0b1b0005a2f2a7991195f4a4e288e2f54b2745f54009f5861fc88245f0a0686b88e35acd2c4cea8853c75844f179

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3369b2544d954da9a7ddef4d1a14fd83
SHA1 cad8bdc456bfa7a16d7f10070808159178409bf4
SHA256 92880c935a100a9f1c53cf87ffe7a4c8a13a095190499796ef26822f77fb5215
SHA512 beca472c4837c2551f746295fbdb5f0bb98df3e06e340e4a658977d1afef1e232f951dbf7a3474afe4f61d3b1603d9fb4664c26736825bd0f68b589e1d8ad278

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 3d443bfe65687e1ccf3bc826a811f1e1
SHA1 46ce26c676f9f1b080bd39ec092bf20248aefebf
SHA256 bafcd2f92843771ea927cdeb6c5c11c61d0b8078685ec836cfe2fd4e0cb4daaa
SHA512 44da4c8dce8f06de277e6994ef3df8cbd06f9f81d4053800137659bbacd8f9a52e988cc44b82c29164827f0f9ca78e0c3682f18938e58e0a21a5076c55c09e8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d20a87d19e82a6f66f5a505515d9f6b5
SHA1 8528ea5fa6c4ff57f8dcc4bdc5ad001c67a136b0
SHA256 75887e1cd7fd17a4f7267daa829b84a4067ac4b13ef5eb295fc10b08db3f4c47
SHA512 6f0d6ac897f652e7d834e63b1ddd28849cc314a29b3caa3d1cb44934f2a09f6f865ab913e9d917093f187256f0580a4befa795f8e5fc90b4be57c9023a7cb706

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ca2d0515477d793ad7654522874d91a5
SHA1 966d3966225b21a068cd66a0973a1cbde4870ba2
SHA256 6827122076f06e9d223e72c03f7626f476bf8ea9d25271ab9eb988eca9af63f6
SHA512 e51721dd9f883a734d8b0f3d77b62ca2127a2e9aea07566da17f4252a9a8c81ec1b05f07d313b03a65cc284017e8ab8b6b2fb621922d44e85b26aca0b3081ef6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 696e9f4756128a02cb2105693f230115
SHA1 79a8942857f731b10c8e152dfb0b9930616b445d
SHA256 afa043859f96000b61c489f43cab6fc9271d207c41ae2f6e78e5c07b1bd9413c
SHA512 08569c10daf81c4dbbc15bf39104f48aac537d92ca56afab6245f575d7d6c240e4a3b6e25a45e820b2d787da88510883a246e7e24f143e9d43528944129ddbc3

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 06:56

Reported

2024-07-04 06:59

Platform

win11-20240419-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\FCFBFHIEBK.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\KKEHIEBKJK.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\KKEHIEBKJK.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\FCFBFHIEBK.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\FCFBFHIEBK.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\KKEHIEBKJK.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\FCFBFHIEBK.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\KKEHIEBKJK.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\850b78662d.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\850b78662d.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645498302601378" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\850b78662d.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\FCFBFHIEBK.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KKEHIEBKJK.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\850b78662d.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1212 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3880 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\850b78662d.exe
PID 3880 wrote to memory of 900 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe
PID 900 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1528 wrote to memory of 4816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1528 wrote to memory of 5096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1528 wrote to memory of 1048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1528 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe

"C:\Users\Admin\AppData\Local\Temp\449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\1000006001\850b78662d.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\850b78662d.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb47dacc40,0x7ffb47dacc4c,0x7ffb47dacc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,3285341175936794900,14212981493068908487,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,3285341175936794900,14212981493068908487,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2044 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,3285341175936794900,14212981493068908487,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2420 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3285341175936794900,14212981493068908487,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,3285341175936794900,14212981493068908487,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,3285341175936794900,14212981493068908487,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,3285341175936794900,14212981493068908487,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4640 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FCFBFHIEBK.exe"

C:\Users\Admin\AppData\Local\Temp\FCFBFHIEBK.exe

"C:\Users\Admin\AppData\Local\Temp\FCFBFHIEBK.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KKEHIEBKJK.exe"

C:\Users\Admin\AppData\Local\Temp\KKEHIEBKJK.exe

"C:\Users\Admin\AppData\Local\Temp\KKEHIEBKJK.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4292,i,3285341175936794900,14212981493068908487,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=868 /prefetch:8

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 216.58.212.206:443 consent.youtube.com tcp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.212.206:443 consent.youtube.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 216.58.212.206:443 consent.youtube.com udp

Files

memory/1212-0-0x0000000000590000-0x0000000000A44000-memory.dmp

memory/1212-1-0x0000000076F76000-0x0000000076F78000-memory.dmp

memory/1212-2-0x0000000000591000-0x00000000005BF000-memory.dmp

memory/1212-3-0x0000000000590000-0x0000000000A44000-memory.dmp

memory/1212-5-0x0000000000590000-0x0000000000A44000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 26d4679603dd85192173f94a939bd1ca
SHA1 73d299766f97ec58c3edfeb192ac2797d3577af2
SHA256 449c2da89ec70f128e883513c328533a2f938ac5194c68ff5253c65256fb4ce4
SHA512 9f027f8f4df51dea06f006f7bdc4991f5012ff299f5d332668fada1fae632477cefdf9456e0531a1b9b8c02114db45fbb78d95dc3e7b9e5b6013213749bdc224

memory/1212-18-0x0000000000590000-0x0000000000A44000-memory.dmp

memory/3880-15-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/3880-19-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/3880-20-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/3880-21-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/2668-23-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/2668-24-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/2668-25-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/2668-26-0x00000000000F0000-0x00000000005A4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\850b78662d.exe

MD5 f19adb4ea42ab4e1cfe99d50a00956e3
SHA1 5da5eb1c673010c0b9999c4943999696ecbcdc9d
SHA256 9023777f5529c209b55ac61d14e2a7f978491d14df51268b49d947010f46376d
SHA512 6583ef56e91d3fb02d75d5cdf1cfd47d543edbefd5c311f1e6ddfb800c943a4504ab0f747829a75dd98a2c8831e010504f1104d115359a3a8848b1645c57ad41

memory/3880-41-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/2492-43-0x0000000000AF0000-0x00000000016D7000-memory.dmp

memory/2492-44-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\9a17682219.exe

MD5 774c675ca5538a3aecbb5248e2c309b1
SHA1 01bee062047192fae4a1cafadc1cac61c825473c
SHA256 e35b613792fa2b43be28182c09cfa9e4b4cafc92cc48adb8c03c77ad656eab63
SHA512 7fedbe5ed8948844dd8f3fa719d6a210a82cf6d5cdda9fb42b0a1925ca9eb8efaadd77b429fe97181795c7eff16cbfaf2889c26074e5ea36975398051ed0383f

\??\pipe\crashpad_1528_FYVCTWRODNHACSQV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/3880-169-0x00000000000F0000-0x00000000005A4000-memory.dmp

memory/692-180-0x0000000000070000-0x0000000000524000-memory.dmp
