Malware Analysis Report

2024-11-30 22:04

Sample ID 240704-p5krtsxbnq
Target 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31
SHA256 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31
Tags
amadey stealc 4dd39d jony evasion stealer trojan discovery spyware
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31

Threat Level: Known bad

The file 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31 was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d jony evasion stealer trojan discovery spyware

Amadey

Stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks computer location settings

Checks BIOS information in registry

Reads data files stored by FTP clients

Identifies Wine through registry keys

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Delays execution with timeout.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 12:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 12:54

Reported

2024-07-04 12:57

Platform

win7-20240220-en

Max time kernel

49s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (identical row repeated 64 times in the raw report)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A (1 row)
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7beec600e6.exe N/A (11 rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (36 rows)
(48 rows in the raw report, grouped here by process)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7beec600e6.exe N/A (11 rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 rows)
(43 rows in the raw report, grouped here by process)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\923918821f.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2924 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe (4 rows)
PID 2512 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\923918821f.exe (4 rows)
PID 2512 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\7beec600e6.exe (4 rows)
PID 2120 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7beec600e6.exe C:\Program Files\Google\Chrome\Application\chrome.exe (4 rows)
PID 2080 wrote to memory of 1204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 rows)
PID 2080 wrote to memory of 2004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (39 rows)
PID 2080 wrote to memory of 2440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 rows)
PID 2080 wrote to memory of 1932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 rows)
(64 rows in the raw report, grouped here by source/target pair in the order first seen)
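The WriteProcessMemory table is the only part of this report that records which process started which. Every source/target pair has the newly created process as the target and appears in the same order as the Processes section, which is consistent with the sandbox hooking a parent's writes into a child it has just created; on its own it is not evidence of code injection, and the report shows none elsewhere. Two details from the rest of the report matter when reading it: explorti.exe has the same SHA256 as the submitted file (Files section), and explorti is also the name of the C:\Windows\Tasks\explorti.job entry, so PID 2512 is the sample running again as its persisted copy; and every signature row whose Process column is chrome.exe (BIOS queries, SeShutdownPrivilege, FindShellTrayWindow, SendNotifyMessage) belongs to the browser session that 7beec600e6.exe started, not to the sample's own code. The script below is an added example, not sandbox output: it rebuilds the parent/child chain from the distinct rows, which are transcribed from the table with the repeat counts dropped.

```python
"""Rebuild the process chain from 'PID X wrote to memory of Y' rows.

Added example for the report above; the rows are transcribed from its
WriteProcessMemory table (one entry per distinct source/target pair).
"""
import re

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"
EXPLORTI = r"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
PAYLOAD_A = r"C:\Users\Admin\AppData\Local\Temp\1000006001\923918821f.exe"
PAYLOAD_B = r"C:\Users\Admin\AppData\Local\Temp\1000007001\7beec600e6.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# (description, source image, target image), as in the table's Description/Process/Target columns
WPM_ROWS = [
    ("PID 2924 wrote to memory of 2512", SAMPLE, EXPLORTI),
    ("PID 2512 wrote to memory of 2528", EXPLORTI, PAYLOAD_A),
    ("PID 2512 wrote to memory of 2120", EXPLORTI, PAYLOAD_B),
    ("PID 2120 wrote to memory of 2080", PAYLOAD_B, CHROME),
    ("PID 2080 wrote to memory of 1204", CHROME, CHROME),
    ("PID 2080 wrote to memory of 2004", CHROME, CHROME),
    ("PID 2080 wrote to memory of 2440", CHROME, CHROME),
    ("PID 2080 wrote to memory of 1932", CHROME, CHROME),
]

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def build_tree(rows):
    """Return (names, children): pid -> image file name, pid -> child pids in first-seen order."""
    names, children = {}, {}
    for desc, src_image, dst_image in rows:
        m = ROW_RE.fullmatch(desc)
        if m is None:
            raise ValueError(f"unexpected row: {desc!r}")
        src, dst = int(m.group(1)), int(m.group(2))
        names[src] = src_image.rsplit("\\", 1)[-1]
        names[dst] = dst_image.rsplit("\\", 1)[-1]
        kids = children.setdefault(src, [])
        if dst not in kids:
            kids.append(dst)
    return names, children


def roots(children):
    """PIDs that write into others but are never written into: the detonation entry point(s)."""
    targets = {pid for kids in children.values() for pid in kids}
    return [pid for pid in children if pid not in targets]


def render(names, children, pid, depth=0, out=None):
    """Indented text tree, one line per process, depth-first in creation order."""
    out = [] if out is None else out
    out.append("  " * depth + f"{names[pid]} (PID {pid})")
    for kid in children.get(pid, []):
        render(names, children, kid, depth + 1, out)
    return out


def chain_to(names, children, target_name):
    """Image names from the root down to the first process called target_name, or None."""
    def walk(pid, path):
        path = path + [names[pid]]
        if names[pid] == target_name:
            return path
        for kid in children.get(pid, []):
            found = walk(kid, path)
            if found:
                return found
        return None

    for root in roots(children):
        found = walk(root, [])
        if found:
            return found
    return None


if __name__ == "__main__":
    names, children = build_tree(WPM_ROWS)
    for root in roots(children):
        print("\n".join(render(names, children, root)))
    print(" -> ".join(chain_to(names, children, "chrome.exe")))
```

Run as-is it prints the chain sample -> explorti.exe -> {923918821f.exe, 7beec600e6.exe -> chrome.exe -> four chrome.exe children}; feed it the rows of another report to get that report's tree.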

Processes

C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe

"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\923918821f.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\923918821f.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\7beec600e6.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\7beec600e6.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef7229778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1372,i,16458611930963951449,13545720121565091797,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1372,i,16458611930963951449,13545720121565091797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1372,i,16458611930963951449,13545720121565091797,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1372,i,16458611930963951449,13545720121565091797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1372,i,16458611930963951449,13545720121565091797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1372,i,16458611930963951449,13545720121565091797,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1332 --field-trial-handle=1372,i,16458611930963951449,13545720121565091797,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1372,i,16458611930963951449,13545720121565091797,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\1000006001\923918821f.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
RU 85.28.47.4:80 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
GB 216.58.201.110:443 consent.youtube.com udp
RU 85.28.47.4:80 tcp
US 8.8.8.8:53 play.google.com udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
IN 216.58.196.195:443 beacons2.gvt2.com tcp
IN 216.58.196.195:443 beacons2.gvt2.com tcp
IN 216.58.196.195:443 beacons2.gvt2.com udp
GB 216.58.201.110:443 consent.youtube.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp

Files

memory/2924-0-0x0000000000920000-0x0000000000DDC000-memory.dmp

memory/2924-1-0x0000000077420000-0x0000000077422000-memory.dmp

memory/2924-2-0x0000000000921000-0x000000000094F000-memory.dmp

memory/2924-3-0x0000000000920000-0x0000000000DDC000-memory.dmp

memory/2924-5-0x0000000000920000-0x0000000000DDC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 6b6bcb152b6929d38354b322d6ee5ab3
SHA1 6873d54e6fc240b356414656ed7f89cd1a148583
SHA256 84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31
SHA512 e9e2eda997af38db09cbc29bb93089d2220448a6e0495a8de029d537a03fce5170ac3bf4bfaec94c338d33870575a85a15ad8299d9cf1396e18f179019d75513

memory/2924-15-0x0000000000920000-0x0000000000DDC000-memory.dmp

memory/2512-16-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-18-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-17-0x0000000000A71000-0x0000000000A9F000-memory.dmp

memory/2512-20-0x0000000000A70000-0x0000000000F2C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\923918821f.exe

MD5 fdaa4171e6b15af5628a055bc7a7bca1
SHA1 0f69f54846e26167777e3d56939adc72ddcb545c
SHA256 230280a480e2b4301c9beed0e5519c1f72f8c5a2d4193b5f69d7a02f6884bb16
SHA512 2ef1076ab306bbd90cc1011c60ae8aab8f626942e3ea2a53e755b60ce1f3865d88302d02395271ee184f3f787baa8b7febd3e9473351932c504f5c6f39185d7f

memory/2512-37-0x0000000006AF0000-0x00000000076DE000-memory.dmp

memory/2528-38-0x0000000000340000-0x0000000000F2E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\7beec600e6.exe

MD5 fa76361a71e4112f11a0c02ebcf33897
SHA1 b8bcedf8295046ec565e2c964c66bcc25070e2a3
SHA256 ffb7e5ca5cf4226e78e18a02f3724caa203774b908268f9a8f5e0faa11da533f
SHA512 934d0185459d92f452219b13ee5845b5919842a9841a7e15046608596ee291fe837872741673b7e1e2b19c4f32dc716770c0ae0a2a85840695deda499c456daf

\??\pipe\crashpad_2080_RBBPXHKRIZOHHAZH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/2512-123-0x0000000000A70000-0x0000000000F2C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/2528-133-0x0000000000340000-0x0000000000F2E000-memory.dmp

memory/2512-134-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-147-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-148-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-149-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2528-154-0x0000000000340000-0x0000000000F2E000-memory.dmp

memory/2528-155-0x0000000000340000-0x0000000000F2E000-memory.dmp

memory/2512-160-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2528-161-0x0000000000340000-0x0000000000F2E000-memory.dmp

memory/2512-162-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2528-163-0x0000000000340000-0x0000000000F2E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a47ee2beb2f826aba84f58ee2e016ce2
SHA1 494a235566f6a051ef294e5d0215fd9439f42e4c
SHA256 c992b0684fee4973f0ec1f37c27f0dd3a23dd51831eaa9c79dd0f2495231f1e9
SHA512 11e62e6c8642ae040050cb063d43270f9a2e728db21ac0d65661c1b9abe6ca457475f74f2b3d92f5f2b515c1934dab75e4d149af33e0f815f98fe2a810ba7207

memory/2512-171-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2528-172-0x0000000000340000-0x0000000000F2E000-memory.dmp

memory/2512-173-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2528-174-0x0000000000340000-0x0000000000F2E000-memory.dmp

memory/2512-177-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2528-178-0x0000000000340000-0x0000000000F2E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 acdac64c4d82534e447fd77090daae45
SHA1 73fe326683eefa06bd23f4e463000f9db5d8019a
SHA256 dabd2e000ba67cc96f5315595855b9339a64595557c9946febe98fffa7f10498
SHA512 013772d4ac3b37b61a582f44d36f18b68eca9849f963819c57c29e1c2e3a3abdfa076c993131dbad5eb12a3fbe22f85ba0c9d84140f11ac6710d446254254e7e

memory/2528-179-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 dd8635b5b31cd9a2d202a4d403ef1139
SHA1 82590ff7424f5c7dde76b6806922574fea6e950d
SHA256 dfc1acc5519e135c7cbd2c4526208d8bc2be06c847a28c05bb10ea5a2fb8b96b
SHA512 97c95627dfb06fe7304b42a3b347aa6deda78983cd3b3341894af5609caf4808657811aa27624a2bcd4c739c9975df2e9622bad9f8e07c984736efeac639fb0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c012176d5d189bb3a97f643cc7a99712
SHA1 c0687778c2fa24f650dea77a01342586a04f184d
SHA256 1057cc5cfaa1898e5bf4a6e8b872aa2f0525d5fe8b5b32aa6e1e04aa4fd6d37b
SHA512 5b8200ca22a44a8224be8785c38740faa06e62e608a79fb2b60ff35b91579c0dbfcce6b41c3e78f993d43cdac0809c0e493dadca12695351214c76572bcafa91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 ebcfea2d9d8a3e5f656067f2f822a424
SHA1 cb65241737d2de55990659e4df8da40e0a0b7616
SHA256 b07c6cdf944aa01a78ea766293016db70d52ce0b88f1b220d916af9f4b423003
SHA512 8586b77a7d8b30dacd90f9043f64cc758d6614294b6799d37efadb699e0de4c047d1e7aec129bd8fe19bc3b2358a3ac5999c6bf07c1204aafa44de900511eb14

\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/2528-248-0x0000000000340000-0x0000000000F2E000-memory.dmp

memory/2512-249-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-250-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-251-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-252-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-253-0x0000000000A70000-0x0000000000F2C000-memory.dmp

memory/2512-254-0x0000000000A70000-0x0000000000F2C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 60765269bea51bcc51e962d7e1db4e72
SHA1 d3242a0e85012d0bb7b06d7ac495f6ea48c4a4f1
SHA256 6957029df75d00bc0f673879d4640d21631b48d344c58876813e9498fe1b7697
SHA512 bc000400dd0089d463e1a056d5441bbacc1edc5937a7ecc1fcc6395a6da6ecb1db6b254ea4558b6a7ea988ed7211e16d0999c68b1020beea2b6d475b051d35df

memory/2512-262-0x0000000000A70000-0x0000000000F2C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-07-04 12:54

Reported: 2024-07-04 12:57

Platform: win10v2004-20240508-en

Max time kernel: 149s

Max time network: 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645713021272470" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4284 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1548 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe
PID 1548 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe
PID 4684 wrote to memory of 532 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 4324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 4144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 1380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 532 wrote to memory of 4884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe

"C:\Users\Admin\AppData\Local\Temp\84256417442cfddf41517a1a2c0966c8d0487997521b019a80897f3e8ce51a31.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0967ab58,0x7ffd0967ab68,0x7ffd0967ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3840 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KKJEBAAECB.exe"

C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe

"C:\Users\Admin\AppData\Local\Temp\AKKKECBKKE.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 --field-trial-handle=1888,i,15895452641797923010,11211981418723604162,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\1000006001\39999006ba.exe

C:\Users\Admin\AppData\Local\Temp\1000007001\a242419cae.exe

\??\pipe\crashpad_532_PGKTNIUKBJFUCPLN

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

C:\ProgramData\nss3.dll

C:\ProgramData\mozglue.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State