Malware Analysis Report

2024-11-30 22:00

Sample ID: 240704-p3q6tsxbln
Target: 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31
SHA256: 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31
Tags: amadey stealc 4dd39d jony discovery evasion spyware stealer trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31

Threat Level: Known bad

The file 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31 was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d jony discovery evasion spyware stealer trojan

Amadey

Stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks computer location settings

Identifies Wine through registry keys

Reads user/profile data of web browsers

Reads data files stored by FTP clients

Executes dropped EXE

Checks BIOS information in registry

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-04 12:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-04 12:51
Reported: 2024-07-04 12:54
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Identifies Wine through registry keys

evasion

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645711085574620" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3892 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3892 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3892 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1968 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe
PID 1968 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe
PID 1968 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe
PID 1968 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe
PID 1968 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe
PID 1968 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe
PID 2116 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2116 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 1344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 1344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 2476 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 1448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 1448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2656 wrote to memory of 792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe

"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb7a6ab58,0x7fffb7a6ab68,0x7fffb7a6ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\GHDHJEBFBF.exe"

C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe

"C:\Users\Admin\AppData\Local\Temp\KFCFBAAEHC.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1824,i,6978965247980451142,15450746055346311982,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 4.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp

Files

memory/3892-0-0x0000000000280000-0x000000000073C000-memory.dmp

memory/3892-1-0x0000000077784000-0x0000000077786000-memory.dmp

memory/3892-2-0x0000000000281000-0x00000000002AF000-memory.dmp

memory/3892-3-0x0000000000280000-0x000000000073C000-memory.dmp

memory/3892-5-0x0000000000280000-0x000000000073C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 6b6bcb152b6929d38354b322d6ee5ab3
SHA1 6873d54e6fc240b356414656ed7f89cd1a148583
SHA256 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31
SHA512 e9e2eda997af38db09cbc29bb93089d2220448a6e0495a8de029d537a03fce5170ac3bf4bfaec94c338d33870575a85a15ad8299d9cf1396e18f179019d75513

memory/1968-18-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/3892-17-0x0000000000280000-0x000000000073C000-memory.dmp

memory/1968-19-0x00000000004B1000-0x00000000004DF000-memory.dmp

memory/1968-20-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-21-0x00000000004B0000-0x000000000096C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\17560daf86.exe

MD5 fdaa4171e6b15af5628a055bc7a7bca1
SHA1 0f69f54846e26167777e3d56939adc72ddcb545c
SHA256 230280a480e2b4301c9beed0e5519c1f72f8c5a2d4193b5f69d7a02f6884bb16
SHA512 2ef1076ab306bbd90cc1011c60ae8aab8f626942e3ea2a53e755b60ce1f3865d88302d02395271ee184f3f787baa8b7febd3e9473351932c504f5c6f39185d7f

memory/4380-37-0x0000000000F30000-0x0000000001B1E000-memory.dmp

memory/4380-38-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\c14e1c1a5f.exe

MD5 fa76361a71e4112f11a0c02ebcf33897
SHA1 b8bcedf8295046ec565e2c964c66bcc25070e2a3
SHA256 ffb7e5ca5cf4226e78e18a02f3724caa203774b908268f9a8f5e0faa11da533f
SHA512 934d0185459d92f452219b13ee5845b5919842a9841a7e15046608596ee291fe837872741673b7e1e2b19c4f32dc716770c0ae0a2a85840695deda499c456daf

\??\pipe\crashpad_2656_DBKKVNEDWHQPGKDQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/1968-172-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/4380-175-0x0000000000F30000-0x0000000001B1E000-memory.dmp

memory/4932-179-0x0000000000560000-0x0000000000A1C000-memory.dmp

memory/4932-180-0x0000000000560000-0x0000000000A1C000-memory.dmp

memory/1968-181-0x00000000004B0000-0x000000000096C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 06767911729e046be5a1b61955ec8d52
SHA1 918b54230fb756178907081fb86b2cc979f2cdf5
SHA256 db72f48bff64eec9e4d367272e34b3ea4f231a72b591d6a82d82da60ea5e80a8
SHA512 be939577cc5ef959238c6163121eac3469117dec2f1073449eb91cfed607fd6214e04f0a5029f7155e47053a3e5feba28feb2503acfc35aee040da125b9d0acc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 95d244eb1d4ead1ab90be9dce604b40d
SHA1 a931657e7c4dcc9d16e25e9d4544545e18989cab
SHA256 f1526a0a3b00a64c6dea459c49fddc0f881cb9ca71c7533eecdc1343895019cb
SHA512 040fa1e57c91afba7ffd296fd28d3f84cefa98f3905e04ba511db64d2553e80961d8c561dc91f6a6c7396d993442325c917b14edccd20561e1677b5c87dc1016

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 13404042f0def008c8d8118ddfe20264
SHA1 fe0633b83b01cb39c0e5ff6bc1128f9207763639
SHA256 6b70b99902af257015faecefa204de8f9f95fb4d317394529771510b8fb0a59d
SHA512 a72acba2545cb139dfb9ba3aff3bb423ca22b67e91ba09e561e06c7ec1d5ff2270b1217a22f3fe5b3d7d8055a0406714c11788ca80eac31111e71f9c8a0b6dbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1b5e2e3f0e7f8cced309c9ca518cf67a
SHA1 659cf312a819848701df84377694099074542032
SHA256 54ba3b044c9311ab9ed4b12df5108b1460f930bd522ca648b2e4a5e191c973f6
SHA512 71d20e79ff7aa550bd896dc5afe2a98ee20090c854bca7772b2ca7e3d0e78100dc031c309e1c504e67430bba0edf49e7f9348005420083d32fb61838995bd9b6

memory/1968-206-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-207-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/2196-209-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/2196-210-0x00000000004B0000-0x000000000096C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 870f1f4179f62ee3723ecc4d765c079b
SHA1 0e0b717128b1ce06f04fbd065b4f84aefa115c25
SHA256 490a9bf7a4179d1e35af63a53cbca75411d41b3035465e415c89ff1f72b0a52c
SHA512 03a040592e97a7f16a2c6167cd66296d0396ddfa3611a9ff15e982e430a803d61da643b9fac9a9d7d350f2c007b8810363b19a115425d3fa937da3d0eb4ec4ad

memory/1968-216-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-217-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-227-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-228-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-230-0x00000000004B0000-0x000000000096C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 eb0798c1b27f0e2cc22650b55d785c05
SHA1 c944b524b1eb1ca6a825873f0d2919a2d266d256
SHA256 583f791e5cb15c82d03b154fb68ebedc4a96616c056bc31dfb37b62d86a6510b
SHA512 b2bed2927cd290a1c6f88fb914fe6392ed1933bd788139d110941dd0326edff07776fadba89a5befb6811affd8ad77973e8bf159b5568ce42f6c3799246eafe6

memory/1968-245-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1440-247-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1440-248-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-249-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-250-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-251-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-252-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-258-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/1968-259-0x00000000004B0000-0x000000000096C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6982c4f4301453819f68ce8045813fef
SHA1 860a2442dba2dcd4f3b9e72f6f26f4a0484c0bf9
SHA256 00426238c1a9c0347cbc0f15becc344ef818cf4958dc3e5a0c11176e4915e39a
SHA512 4b0f70d0fff3973e0d63e71813585365e25ad83d8e508b87ba7f420638685a2afdd67141c04de8122471405e85779abbaed49d2b1c968949064e4ba24cbb7bae

memory/5112-270-0x00000000004B0000-0x000000000096C000-memory.dmp

memory/5112-272-0x00000000004B0000-0x000000000096C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 12:51

Reported

2024-07-04 12:54

Platform

win11-20240611-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"

Signatures

Amadey

trojan amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe

"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

memory/5108-0-0x0000000000F30000-0x00000000013EC000-memory.dmp

memory/5108-1-0x00000000772D6000-0x00000000772D8000-memory.dmp

memory/5108-2-0x0000000000F31000-0x0000000000F5F000-memory.dmp

memory/5108-3-0x0000000000F30000-0x00000000013EC000-memory.dmp

memory/5108-4-0x0000000000F30000-0x00000000013EC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 6b6bcb152b6929d38354b322d6ee5ab3
SHA1 6873d54e6fc240b356414656ed7f89cd1a148583
SHA256 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31
SHA512 e9e2eda997af38db09cbc29bb93089d2220448a6e0495a8de029d537a03fce5170ac3bf4bfaec94c338d33870575a85a15ad8299d9cf1396e18f179019d75513

memory/5108-17-0x0000000000F30000-0x00000000013EC000-memory.dmp

memory/4376-18-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-19-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-20-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-21-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-22-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-23-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-24-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-25-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/2848-27-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-28-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/2848-29-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/2848-30-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-31-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-32-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-33-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-34-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-35-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-36-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/1612-38-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/1612-39-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-40-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-41-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-42-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-43-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-44-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/4376-45-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/3684-47-0x0000000000E90000-0x000000000134C000-memory.dmp

memory/3684-48-0x0000000000E90000-0x000000000134C000-memory.dmp