Malware Analysis Report

2024-11-30 22:05

Sample ID 240704-kze7yawaqb
Target 6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076
SHA256 6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076
Tags
amadey stealc 4dd39d jony discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076

Threat Level: Known bad

The file 6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076 was found to be: Known bad.

Malicious Activity Summary

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Checks BIOS information in registry

Reads user/profile data of web browsers

Identifies Wine through registry keys

Reads data files stored by FTP clients

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 09:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 09:02

Reported

2024-07-04 09:04

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\AAAAECGHCB.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\AAAAECGHCB.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\AAAAECGHCB.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000007001\e20fdb05e9.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000006001\03e4916ca9.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\AAAAECGHCB.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\03e4916ca9.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\03e4916ca9.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645573407735089" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\e20fdb05e9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\e20fdb05e9.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\03e4916ca9.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3592 wrote to memory of 4176 N/A C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4176 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\03e4916ca9.exe
PID 4176 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\e20fdb05e9.exe
PID 3664 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\e20fdb05e9.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3752 wrote to memory of 816 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3752 wrote to memory of 1784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3752 wrote to memory of 2288 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3752 wrote to memory of 720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe

"C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\03e4916ca9.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\03e4916ca9.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\e20fdb05e9.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\e20fdb05e9.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb58c9ab58,0x7ffb58c9ab68,0x7ffb58c9ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AAAAECGHCB.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BAEBGCFIEH.exe"

C:\Users\Admin\AppData\Local\Temp\AAAAECGHCB.exe

"C:\Users\Admin\AppData\Local\Temp\AAAAECGHCB.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1948,i,15775517850281229088,18021237188766542040,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 4.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 172.217.169.67:443 beacons3.gvt2.com tcp
GB 172.217.169.67:443 beacons3.gvt2.com udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp

Files

memory/3592-0-0x0000000000930000-0x0000000000E0B000-memory.dmp

memory/3592-1-0x00000000778C4000-0x00000000778C6000-memory.dmp

memory/3592-2-0x0000000000931000-0x000000000095F000-memory.dmp

memory/3592-3-0x0000000000930000-0x0000000000E0B000-memory.dmp

memory/3592-5-0x0000000000930000-0x0000000000E0B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 9ab3056049db46aab996ce1e3a95d55a
SHA1 c476519817b7b25c454dd7810468a86bfea05290
SHA256 6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076
SHA512 eff5406e9a637936efa80fdc0672e33eae0555661fa15cf98a7bef304ba8fecb6b7bade7620e303d950e3c97677b89b107a4a2105f2504f151cda9c2475f3872

memory/4176-18-0x0000000000450000-0x000000000092B000-memory.dmp

memory/3592-17-0x0000000000930000-0x0000000000E0B000-memory.dmp

memory/4176-20-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-19-0x0000000000451000-0x000000000047F000-memory.dmp

memory/4176-21-0x0000000000450000-0x000000000092B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\03e4916ca9.exe

MD5 747f49b526a931e987825204c1473a27
SHA1 d3c3b40dc5d8f3bfc71c7cd2be06e346ab694fdd
SHA256 5e3cae26ee0d86cf2c2660baf9d0fc27227173cc8440a94abe5c85a698e0293f
SHA512 2b62045a2e6c67916847f793562de04e51a4a9221304df322abd643e98cf0e45bfb4de090d701578cfe039e3a1d98bf2a957a54b74148b56ff0643fd31c1dab8

memory/5012-37-0x00000000005C0000-0x000000000119E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\e20fdb05e9.exe

MD5 d3ea96ebf8b022f0483e7b7fe54d41c2
SHA1 88ba17bc5aa324a86df6c491f70758993b016f4d
SHA256 cfcb861232c5a279c00fb72ea2ab408e20e9e159af5e514799aa478d71600ccd
SHA512 bb7abcff7f339925e5321063eb5a37e02699514401b2e194165d712efedf0db591eb3bd2c2fcb5ce08d3abe6da1e4c794a97c8bcee6d9218c23c3c6b8d1f309e

memory/5012-57-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_3752_DCZCAIKHRCDYCBJZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4176-143-0x0000000000450000-0x000000000092B000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/5012-176-0x00000000005C0000-0x000000000119E000-memory.dmp

memory/4176-180-0x0000000000450000-0x000000000092B000-memory.dmp

memory/2104-181-0x0000000000890000-0x0000000000D6B000-memory.dmp

memory/2104-183-0x0000000000890000-0x0000000000D6B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 48da4d604bdb4a7026e5bcde63d07179
SHA1 20e45c9a7ae7c9f1ceaaefd27f95e4cf55537912
SHA256 e42e4b6b7ee442ba31fcefbe8a43ce7df8e4033afe304d756e9daa442ce6667c
SHA512 c1c3f6f662c305c8eea49037cf35f63c33d6cb6d7380c2afa30d935cea90dc45350739c1b509eed7f4c56568279402a6ef4612f954379ab84bc715caf0956190

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 415e4dc4c0d9343b3d254978f5e8ba60
SHA1 155c828c525bb343c064706d7dea66dbd269d17c
SHA256 5bf0be742f88ec757bdd9687d670eea68bd235de52a31c7d48eba8a51b6a9a76
SHA512 a308a45a0b254a51ffcd5bb0b69f6bc62b52f1f29a2f650c70105cff7f7cb487291b8f82bfe2cccaf49a5c72b7ef278155de4901bae97c7642398c547c1cb906

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f476a3bda2a9cac2fe5c72cccafd20c6
SHA1 8f80c1d99a901c5e13e59b288b2531bfb80c9b39
SHA256 0dc65252e72c7be21d31938c2e9ac3b3f056d1a605680b5572bb4ef8f9f38dcf
SHA512 4541d2987b0fc9412ab88dfef9a8ac946e256b676383c1ffcab9f5bf1fb7e613d525ce8d8593adab8af1a3f0c8f141c03da25cace84dab89e55a69ae235ddab5

memory/4176-201-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-202-0x0000000000450000-0x000000000092B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c17827133d2db852ad5ab773cf579978
SHA1 9bd91d9707c9524cc449c328630fb546364e351c
SHA256 d791fe6ef32411f7c8db891e3679bbbb352589942b59eb23e715557fb2c92e37
SHA512 0da0eab44af7d8529fcd2d13a4835739f02c4ebb082237df507190dd6f2b6dfecb805b6c45099b5756e6ff9908cedc4ef5eb921e65480a2ec736ae2740a1e439

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6293e054803c91292511a123c940c326
SHA1 86300d46413d76c97105e2cd6ece17d34dc77962
SHA256 7fa5d3223a21ca9d85133c2f525b24702936452870804379ce863ee309f8e687
SHA512 724f129e961a398e76129e4619433fb71795c1d2d52cd48ccb0e6fe877885d5a63aac7dcde5b12b34433f4158a58fd65f5b65268e4008178bb8803fff511b494

memory/4176-215-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-216-0x0000000000450000-0x000000000092B000-memory.dmp

memory/2064-228-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-227-0x0000000000450000-0x000000000092B000-memory.dmp

memory/2064-229-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-230-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-232-0x0000000000450000-0x000000000092B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 dea0f96a1e99afa117ea7e08f06865e1
SHA1 90dadd060850efbcbcf87ef57c4bf87dbf34b39b
SHA256 72f645f43cbbe88820e3309ef3e10ec1d17f0ed70042446bd112e703bc4fed4c
SHA512 aea4fec6525f2408c47f0cfe385ab6d9e7825327179dde2fc917fa2f2a3c258f26f995ed9bef104b91c533d63f959f2df1f0090c0745c554cbdf583717f9c9f6

memory/4176-247-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-248-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-249-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-251-0x0000000000450000-0x000000000092B000-memory.dmp

memory/2156-252-0x0000000000450000-0x000000000092B000-memory.dmp

memory/2156-253-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-254-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-260-0x0000000000450000-0x000000000092B000-memory.dmp

memory/4176-261-0x0000000000450000-0x000000000092B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8220aedaeaaf2f0a5538855f0ec0ea44
SHA1 4a2a889261cfc62b19be3c2f87a344d35f40471b
SHA256 5847df528c94306c17f7a89f018c8cc41fe0a37858291caa6be008d63373376a
SHA512 e8ce9caa6b538d77f1755a48cf77ec5a3a3a62ee7d0bc7994665f30fbf859bbe1cb0c0ec774971746ea6799219e1da99f8c1a5532ec41b25c9f485a25598b366

Analysis: behavioral2

Detonation Overview

Submitted 2024-07-04 09:02

Reported 2024-07-04 09:04

Platform win11-20240611-en

Max time kernel 149s

Max time network 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\KFHCAEGCBF.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\KFHCAEGCBF.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\KFHCAEGCBF.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\KFHCAEGCBF.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\71b4390e5e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\71b4390e5e.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645573452478967" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\71b4390e5e.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4056 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1416 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\71b4390e5e.exe
PID 1416 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe
PID 436 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3192 wrote to memory of 2724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3192 wrote to memory of 1204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3192 wrote to memory of 2296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3192 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe

"C:\Users\Admin\AppData\Local\Temp\6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\71b4390e5e.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\71b4390e5e.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8bee0ab58,0x7ff8bee0ab68,0x7ff8bee0ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2032 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KFHCAEGCBF.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CFBFHIEBKJ.exe"

C:\Users\Admin\AppData\Local\Temp\KFHCAEGCBF.exe

"C:\Users\Admin\AppData\Local\Temp\KFHCAEGCBF.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3988 --field-trial-handle=1832,i,11928560340447055595,10900592343032260245,131072 /prefetch:2

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 172.217.16.238:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 clients2.google.com tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp

Files

memory/4056-0-0x0000000000060000-0x000000000053B000-memory.dmp

memory/4056-1-0x0000000077C66000-0x0000000077C68000-memory.dmp

memory/4056-2-0x0000000000061000-0x000000000008F000-memory.dmp

memory/4056-3-0x0000000000060000-0x000000000053B000-memory.dmp

memory/4056-5-0x0000000000060000-0x000000000053B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 9ab3056049db46aab996ce1e3a95d55a
SHA1 c476519817b7b25c454dd7810468a86bfea05290
SHA256 6c10908b3abfe8ae36bc24267a64a546bf9bc117b16344234857e8cc031a4076
SHA512 eff5406e9a637936efa80fdc0672e33eae0555661fa15cf98a7bef304ba8fecb6b7bade7620e303d950e3c97677b89b107a4a2105f2504f151cda9c2475f3872

memory/4056-17-0x0000000000060000-0x000000000053B000-memory.dmp

memory/1416-18-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-19-0x00000000006A1000-0x00000000006CF000-memory.dmp

memory/1416-20-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-21-0x00000000006A0000-0x0000000000B7B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\71b4390e5e.exe

MD5 747f49b526a931e987825204c1473a27
SHA1 d3c3b40dc5d8f3bfc71c7cd2be06e346ab694fdd
SHA256 5e3cae26ee0d86cf2c2660baf9d0fc27227173cc8440a94abe5c85a698e0293f
SHA512 2b62045a2e6c67916847f793562de04e51a4a9221304df322abd643e98cf0e45bfb4de090d701578cfe039e3a1d98bf2a957a54b74148b56ff0643fd31c1dab8

memory/2204-37-0x0000000000820000-0x00000000013FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\cb387276a8.exe

MD5 d3ea96ebf8b022f0483e7b7fe54d41c2
SHA1 88ba17bc5aa324a86df6c491f70758993b016f4d
SHA256 cfcb861232c5a279c00fb72ea2ab408e20e9e159af5e514799aa478d71600ccd
SHA512 bb7abcff7f339925e5321063eb5a37e02699514401b2e194165d712efedf0db591eb3bd2c2fcb5ce08d3abe6da1e4c794a97c8bcee6d9218c23c3c6b8d1f309e

memory/2204-57-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_3192_PUSVLUDCFKWZCPKR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/1416-143-0x00000000006A0000-0x0000000000B7B000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/2204-173-0x0000000000820000-0x00000000013FE000-memory.dmp

memory/2204-178-0x0000000000820000-0x00000000013FE000-memory.dmp

memory/1416-182-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1924-183-0x0000000000CF0000-0x00000000011CB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1553263d2a384fe00e36d71b47434cc5
SHA1 70fe433aeb7e01696c82a65f036328c1d49f9c15
SHA256 ffd0284d86dd64a28b80b8ebe7717699a8c09d6ca7c253b26e5eaa531738d58f
SHA512 0dbfb3456f06ba15d72772b21a7451e00416a2947d32c82877f925f15b3d22abf5b02a58d4d0d53e6b396b506f54ed1652621afe3f8fe2d5477c64112dad4f34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47ea62f6d574a7f48c782ad6c57e002d
SHA1 7b83ffad31909636f22d7df9375cccdd6da629c2
SHA256 e0e556f08ad3a820278a7800dbedd6823795b34ca5636e31db17980c7fe42ba8
SHA512 ee8b238acddb0f13e9c90bcd9e33f1f66a7382cea18343f0fc22cd504abf2a65230a9d88e3d1ea1d864874605e0e3348ffd6c7f7e5791b5a06d2c262cca1ab4f

memory/1924-195-0x0000000000CF0000-0x00000000011CB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f4a68a9e3aa5286ca5bc05b8ca177798
SHA1 fc2de1f3e7b1252cc898feb4fb843709bd9089e8
SHA256 203115ed5c9967136178a7905396fd0e399edf62b7bfcfef0ab6911b152ae493
SHA512 431570ea59098246b757422c5e1bc0ec4bcd42c6e8e89c53145693ec688458063724c2d4a502eee1b355f24a4204f664e2f281cd0b338ee619503c233160a21d

memory/1416-201-0x00000000006A0000-0x0000000000B7B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 b4132ed4a4cfd6774f238a57b4375af6
SHA1 e4757beba97af8365a849a75956a40dd1c8cef9e
SHA256 362543b243f7a13e5a290938309dd3a878c19567f253c15d3e99a4817dc52e70
SHA512 4f9ea041b400dd9d5d2a0063943ee2b6bd7928cdfabdbdc2d73b0cbfff14adb8b3eeae1e8b0f266a606ee2070164ffaa5f7d758cc015de430d08708a9f6872a0

memory/1416-211-0x00000000006A0000-0x0000000000B7B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e3e43a7ebb012904f176ecf03b2d9eb8
SHA1 70ea1f8d8f08fec1a10908256413594be87a46f6
SHA256 8804e5a45f053e7a65b913f1687fb9f97d05098ef8409a5a11a240b509e8ff44
SHA512 d0b1fa462f449e63045a7b676ccdbf2583a1e947e810e1ecaee7be3a08f884200d1b3a8c2ffd57f3698c8a524662769414e64cea90faa0ceee953b8012b6645a

memory/1416-217-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-218-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1092-220-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1092-230-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-231-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-232-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-234-0x00000000006A0000-0x0000000000B7B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 104747a1cf991862ad46263da8a14485
SHA1 4c604701aec1a1a0b54a75dadc9ef53b033fe51f
SHA256 748a81dc8c18e8ad79909fb307f08245ad8a8589bbf38ca7a648c6943176e3c4
SHA512 5939ab8ac70b9435f883bb93fa1186b7834d42431c30ae32048ae362e4b86f8d908893dc41fb8218ce87c771e6841f5945bde19b2f187bb75b36f32e21372be6

memory/1416-249-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-250-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-251-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/564-253-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/564-255-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-256-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-257-0x00000000006A0000-0x0000000000B7B000-memory.dmp

memory/1416-263-0x00000000006A0000-0x0000000000B7B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c6c953c7dabc9910d4c11f81e0a8a9f7
SHA1 759e709664755e1d0fd93a3f0047d953edf2980e
SHA256 87fa50cbe8b3ece4b6a42542b25ab6f0110bf97a1e3b2da046390280c0396950
SHA512 fe57f18ed07c63c77d2e10806cae3c26876487e78d96ed1edf7f90cc8c3af0c4f7debea0a3a3420d9483a07d4ce4412db77844392bac09826f66441818fb919f

memory/1416-273-0x00000000006A0000-0x0000000000B7B000-memory.dmp