Malware Analysis Report

2024-11-30 22:06

Sample ID: 240704-mhe7qaxhqb
Target: 6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace
SHA256: 6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace
Tags: amadey stealc 4dd39d jony discovery evasion spyware stealer trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace

Threat Level: Known bad

The file 6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d jony discovery evasion spyware stealer trojan

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Identifies Wine through registry keys

Checks BIOS information in registry

Reads data files stored by FTP clients

Loads dropped DLL

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-04 10:27

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-04 10:27

Reported: 2024-07-04 10:30

Platform: win10v2004-20240611-en

Max time kernel: 149s

Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A

Identifies Wine through registry keys

evasion

Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645624773183983" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 876 wrote to memory of 1472 | N/A | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 876 wrote to memory of 1472 | N/A | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 876 wrote to memory of 1472 | N/A | C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1472 wrote to memory of 2476 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe
PID 1472 wrote to memory of 2476 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe
PID 1472 wrote to memory of 2476 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe
PID 1472 wrote to memory of 2896 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe
PID 1472 wrote to memory of 2896 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe
PID 1472 wrote to memory of 2896 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe
PID 2896 wrote to memory of 4244 | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4244 | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 3560 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 3560 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4716 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 636 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 636 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4244 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe

"C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedd29ab58,0x7ffedd29ab68,0x7ffedd29ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KECFCGHIDH.exe"

C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe

"C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 --field-trial-handle=1868,i,6780007949677476449,14046911428283984955,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 4.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 clients2.google.com udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/876-0-0x0000000000530000-0x00000000009CE000-memory.dmp

memory/876-1-0x0000000077AE4000-0x0000000077AE6000-memory.dmp

memory/876-2-0x0000000000531000-0x000000000055F000-memory.dmp

memory/876-3-0x0000000000530000-0x00000000009CE000-memory.dmp

memory/876-4-0x0000000000530000-0x00000000009CE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 7b8c372faa91e9c2a360d344eb6a19f3
SHA1 0a6b77900620ce7d08e81ee7812e648b68667ec8
SHA256 6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace
SHA512 b0d660a592c725e605a4d726b3b48cd06a129e911bdfd1c0a4f6db8d347f425b08abdb766a0da569a0dff98512a9f56536030061ce52714d1c127bac16b7af05

memory/876-17-0x0000000000530000-0x00000000009CE000-memory.dmp

memory/1472-18-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-20-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-19-0x0000000000A81000-0x0000000000AAF000-memory.dmp

memory/1472-21-0x0000000000A80000-0x0000000000F1E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\a078349417.exe

MD5 747f49b526a931e987825204c1473a27
SHA1 d3c3b40dc5d8f3bfc71c7cd2be06e346ab694fdd
SHA256 5e3cae26ee0d86cf2c2660baf9d0fc27227173cc8440a94abe5c85a698e0293f
SHA512 2b62045a2e6c67916847f793562de04e51a4a9221304df322abd643e98cf0e45bfb4de090d701578cfe039e3a1d98bf2a957a54b74148b56ff0643fd31c1dab8

memory/2476-37-0x0000000000590000-0x000000000116E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\fc20849d1f.exe

MD5 fa96bf6af3e182bfec30c757de22ac18
SHA1 58c94a9d2744f87c524fb0141722b8c4f6d35acf
SHA256 2308dd1f426a877a66b8c1faeafb19ba8810a6d9b1c575dc2250ea53b72e4e2a
SHA512 31d936954fbaf9ed5893b3698390196f650ea28dcfec3ca74b0669141940f531362be4c9577a0799776f72bb1b31e920c1b061a7f90c4b7413567a6254ff47ae

\??\pipe\crashpad_4244_NTRXNBPSWHMMYXGN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2476-64-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/1472-172-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/4228-174-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/4228-175-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/2476-180-0x0000000000590000-0x000000000116E000-memory.dmp

memory/4936-184-0x0000000000620000-0x0000000000ABE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 68b366b31b4de2e0431b4e17de23d58f
SHA1 10d09024cfc9e1b9e6d99dc48174bfbca195880a
SHA256 7f471ae81f2c03c200a3fa98c4b640f2a1cbea059fb2cbe1b81c1ba9a3d00ae5
SHA512 56252addd162af5465807681419c37a9bd32d492767bf2132778b3d41ebd81cc29b6ecd947cad2f1033c52bd54c4d36ba43674a16ffb8dc060737cb73ca01398

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a04d2fc39a2a42a19107d93cb1c9daba
SHA1 82e1ddf1c1258595c92cd21259d71c903f7a9a5f
SHA256 7ca8fa7d0862ebea3e11372109ad0973c3249c0f2f17b4f48f37aabefb7d8e8a
SHA512 a74d46120660f298f20eabfe911ced3527f5d9f30c42c126a3f0ffe8e19db0fced25e73a1807d190941f6adbdbb96b76a7c9be90e4e09296173a67206f2ea032

memory/4936-196-0x0000000000620000-0x0000000000ABE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 044ae583b341a1f47c1025048962a653
SHA1 09589f3311448cfe3cdf79e1e7c4893e1f33bd4b
SHA256 844fc044fe845bbb07244548c224cd05f4aeb9a263850f1cfe2b7720cd6f87b3
SHA512 cab41bdf3358f9a209b301916fedbfe8ce1ca048c19b66a44f935388f8de2d29123fddc90cc7710594d39fe5e8900e6e21cce5ab37eb97686d1c1b5be943d4fb

memory/1472-202-0x0000000000A80000-0x0000000000F1E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 6e4df22ca67eaea4dd3f8e836685581e
SHA1 7812709fcfbe634ebd2d9c39b5cb13a7620456c9
SHA256 08f74671849ba9585a24936117dbdaf9f1bb88499aae3b5459d8ba2f0a63ce56
SHA512 308ac64237e73c0992f6e064f0d0d3fc7c32b8d3e9b93d2c31a7c5866779cc8104e10b19c87938fd7502027f59b1ad5468210d80d3f01863c934d7596e33875d

memory/1472-212-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-213-0x0000000000A80000-0x0000000000F1E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6eeee1ac7f5638b1b61b98c7d00f7efa
SHA1 c74ea68f88366476768199bd317edb03d2b567e4
SHA256 43eacd0e89fa75a313709c053ba41a3359e1810c46df92f761af7403488e1ae2
SHA512 6e0bd6b1e7389da9b633759219de20f4dc57d7fc7b89749edad9f5be1b9fd04b98a1f12b4639f6ab9a5d0ff18ef8d387f68a24c9bbf2c2affd7fc442b23382fa

memory/1472-219-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-220-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-230-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-231-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-233-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/6064-235-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/6064-237-0x0000000000A80000-0x0000000000F1E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fc77cab5522e9d5b7cd96d4e7e128fe1
SHA1 b21fd2b8cb90d1269f4159e49c3d2d00108213eb
SHA256 cffd7dfc2048c013594f49495cf71a0fb5f0e589b8a0f2e2579ce503ccd0603d
SHA512 054d7ac829a453604a8a01228467c16bc6de246f677a8b597134c25da7995a46d0dc1022de93a0a807e9deea5d0e97c1bc4cf7fbfce5b1c04738a795d06fd462

memory/1472-252-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-253-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-254-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-255-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-256-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/1472-262-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/2600-264-0x0000000000A80000-0x0000000000F1E000-memory.dmp

memory/2600-265-0x0000000000A80000-0x0000000000F1E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c2ddd5d18647e2b930c89cdb72969d14
SHA1 fdb4a02fa927a94686290abc180ad420dfd14653
SHA256 aeb92b2ef5cf20a6b22bb7ad9174a52839da7f97217e22d7c86af50f981213a1
SHA512 eb4780ad1f58471ba1f89bedff826bf0fa24000e433099cd278005f5dee10706ae97fb37bcaf3e42ae9978ed36c80236e4618758608f4584e14a3a5ec3acf188

memory/1472-275-0x0000000000A80000-0x0000000000F1E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 10:27

Reported

2024-07-04 10:30

Platform

win11-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645624760364910" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1688 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1688 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1688 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3056 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe
PID 3056 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe
PID 3056 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe
PID 3056 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe
PID 3056 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe
PID 3056 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe
PID 3696 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3696 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 2896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 788 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 1836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 1836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3316 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe

"C:\Users\Admin\AppData\Local\Temp\6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff875f3ab58,0x7ff875f3ab68,0x7ff875f3ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3464 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KKEHDBAEGI.exe"

C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe

"C:\Users\Admin\AppData\Local\Temp\AFBAFBKEGC.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1724,i,9561244905664497628,2505401384978326610,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.201.110:443 consent.youtube.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.201.110:443 consent.youtube.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp

Files

memory/1688-0-0x0000000000300000-0x000000000079E000-memory.dmp

memory/1688-1-0x0000000077E06000-0x0000000077E08000-memory.dmp

memory/1688-2-0x0000000000301000-0x000000000032F000-memory.dmp

memory/1688-3-0x0000000000300000-0x000000000079E000-memory.dmp

memory/1688-5-0x0000000000300000-0x000000000079E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 7b8c372faa91e9c2a360d344eb6a19f3
SHA1 0a6b77900620ce7d08e81ee7812e648b68667ec8
SHA256 6294ab0c9c38f852221d0977bcd9b6fd8884eed85427a19dfc7ac0ab0bcd0ace
SHA512 b0d660a592c725e605a4d726b3b48cd06a129e911bdfd1c0a4f6db8d347f425b08abdb766a0da569a0dff98512a9f56536030061ce52714d1c127bac16b7af05

memory/1688-17-0x0000000000300000-0x000000000079E000-memory.dmp

memory/3056-18-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-19-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-20-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-21-0x0000000000060000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\40a34287e6.exe

MD5 747f49b526a931e987825204c1473a27
SHA1 d3c3b40dc5d8f3bfc71c7cd2be06e346ab694fdd
SHA256 5e3cae26ee0d86cf2c2660baf9d0fc27227173cc8440a94abe5c85a698e0293f
SHA512 2b62045a2e6c67916847f793562de04e51a4a9221304df322abd643e98cf0e45bfb4de090d701578cfe039e3a1d98bf2a957a54b74148b56ff0643fd31c1dab8

memory/1100-37-0x0000000000FA0000-0x0000000001B7E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\1fc74bcb74.exe

MD5 fa96bf6af3e182bfec30c757de22ac18
SHA1 58c94a9d2744f87c524fb0141722b8c4f6d35acf
SHA256 2308dd1f426a877a66b8c1faeafb19ba8810a6d9b1c575dc2250ea53b72e4e2a
SHA512 31d936954fbaf9ed5893b3698390196f650ea28dcfec3ca74b0669141940f531362be4c9577a0799776f72bb1b31e920c1b061a7f90c4b7413567a6254ff47ae

memory/1100-56-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_3316_PTVKKJNKYUNGUCWM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/3056-162-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/1100-176-0x0000000000FA0000-0x0000000001B7E000-memory.dmp

memory/4184-180-0x00000000006A0000-0x0000000000B3E000-memory.dmp

memory/4184-182-0x00000000006A0000-0x0000000000B3E000-memory.dmp

memory/1792-185-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-184-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/1792-186-0x0000000000060000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 771ef045c3b11ce3e5d11a7d4c831469
SHA1 b79f36e919d52f80714220af58d2627d8067c712
SHA256 294823d610c9a0c169ebddd3fdd20c1c8e5acdc23e1f10687226c1a521c1342c
SHA512 201a8176c7e44fb55d713c0bb191616358c8105fdb0083797dc8cd2358c0da8d7b76b655bf9385deefa671abcfca17989851d940c44e9283f806d5a19cb341f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b09b494777a578820cef9be4a57cc3c8
SHA1 63186a9b2a159c9f7f52619703a317386e19412a
SHA256 cd3575bfad4b167c5dbcda7aad3c0ab61bb2741e88ab737121a550de0e6f8575
SHA512 b0c308fac8cd893fe6dd3e44d8561d8fcd1ec4ef68086bb6896168ec1b39f3d00736d1f29da28bb28592ac4a13ff3b63d967a84d7b717e1b169a6de074464655

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 55a6ead6563d3a02bd5459d887311f28
SHA1 bd2e4c856ee0676180b3f2e2e3ca432f1ec9083d
SHA256 a90a999a6356110d339479d168d22a306423d0170f61a5833898ba258fd1d465
SHA512 383852af30e5e4da83d52cd2b3bdf136048181a54ff15c1b402228b92a8b23835c5e16e68628b5e8f9f42ee86486964041a4b9ca9b0da2fe20eba4a1f8a6a036

memory/3056-202-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-205-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-206-0x0000000000060000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 b2bac2465ef59bdd433ffe49d443c7d9
SHA1 8c2a4dcee37f476d9104df3e6be424f1ce84aaf9
SHA256 c2b9ea395d35de13fd8485a6d9e7b6e53a49a9ad0e0752b3ffb688f9fee33ce7
SHA512 223e33a36627957a07d1ee707b84eaf8f39bb3c01d003fb5f9c9b2d8f2c8615ba0fb1311d7554af4c14352f7468f9acd729720763811054882aa1ea6f580df85

memory/3056-214-0x0000000000060000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ea9d35f2f8fff2e2ec6462f8b18f1ddb
SHA1 04da74c5a281c5c9a33b065984e5d19dcce57a04
SHA256 5b1a6816f2d7efe0049ef7feff838e3e791aac75c7c2eb2c3058a3b88f6b27e1
SHA512 09c02cd4b0bae9ebe69d2e7e708b9a45f4dfd6a51e4491ef676e7dc7db4f1e65dc4dad2bc0444d97b26443b899396dcb23d53fe6ca19193d4daefbe66baa802b

memory/3056-220-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-221-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-231-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-232-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-234-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/4544-236-0x0000000000060000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7659e61d67e88348afc01d4813cdb723
SHA1 7ae5fbc4f5c08c084339d6b86745d1f6a0714801
SHA256 7dc4fe062d6ef72393f5ea9099da6151b156ddbfe6916495483fc7a53b07a4d4
SHA512 b875239792a4ac5dc2c1101aa7cef746b3b3bf84be293bdced9edcab4b41306515382c9ec3bb2ec04da341dfedb52fb05da728796858e66209fcc6543f28e6da

memory/4544-251-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-252-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-253-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-254-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-255-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-256-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-262-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/2908-264-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/2908-265-0x0000000000060000-0x00000000004FE000-memory.dmp

memory/3056-266-0x0000000000060000-0x00000000004FE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e184681ffa7159d799acbccc4cca3075
SHA1 e58bd5e198c35fb72095bb2d989470cef35228b6
SHA256 d7121a73e0a04601c11de510919fa4cf4b6d913d8f0ed23a8afc17ffb4a8cedb
SHA512 421a409536c0e36a78c267c681f6b8d6104e0d0b07a04e3024dc6a78f1c3b22c6c0f538dc4471a3debb7f330d2a2bf950ce4333962587771022f16b2af695885