Malware Analysis Report

2024-11-30 22:03

Sample ID 240704-vdbyha1gna
Target 9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c
SHA256 9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c
Tags
amadey 4dd39d evasion trojan stealc jony discovery stealer
Score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score
10/10

SHA256

9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c

Threat Level: Known bad

The file 9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c was found to be: Known bad.

Malicious Activity Summary

amadey 4dd39d evasion trojan stealc jony discovery stealer

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks computer location settings

Identifies Wine through registry keys

Checks BIOS information in registry

Executes dropped EXE

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 16:51

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 16:51

Reported

2024-07-04 16:55

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

64s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe"

Signatures

Amadey

trojan amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe

"C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
RU | 77.91.77.82:80 |  | tcp
RU | 77.91.77.82:80 |  | tcp

Files

memory/4960-0-0x0000000000FA0000-0x0000000001461000-memory.dmp

memory/4960-1-0x0000000077794000-0x0000000077796000-memory.dmp

memory/4960-2-0x0000000000FA1000-0x0000000000FCF000-memory.dmp

memory/4960-3-0x0000000000FA0000-0x0000000001461000-memory.dmp

memory/4960-5-0x0000000000FA0000-0x0000000001461000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 112179a520345a65b4d4cd4ecc995f2e
SHA1 a9ba41f75dc4ed07d16ba56b0c993fb92dcd9db3
SHA256 9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c
SHA512 f62c0459c9707c64f7c5922f0dbf70a623e410cf45ef3a15578825e95de6eeef5b103cdf2528bc3f6b12d3d91cdf9fe1f78cab3d1a930c94bfb3b414605153ea

memory/4476-16-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4960-18-0x0000000000FA0000-0x0000000001461000-memory.dmp

memory/4476-19-0x0000000000011000-0x000000000003F000-memory.dmp

memory/4476-20-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-21-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-22-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-23-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-24-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-25-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-26-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-27-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-28-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/3884-30-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/3884-31-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/3884-32-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/3884-33-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-34-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-35-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-36-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-37-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-38-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-39-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/1940-41-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/1940-42-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-43-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-44-0x0000000000010000-0x00000000004D1000-memory.dmp

memory/4476-45-0x0000000000010000-0x00000000004D1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 16:51

Reported

2024-07-04 16:55

Platform

win11-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A

Checks installed software on the system

discovery

AutoIT Executable

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645856105447240" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1632 wrote to memory of 1596 | N/A | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1632 wrote to memory of 1596 | N/A | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1632 wrote to memory of 1596 | N/A | C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 1596 wrote to memory of 5076 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe
PID 1596 wrote to memory of 5076 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe
PID 1596 wrote to memory of 5076 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe
PID 1596 wrote to memory of 3960 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe
PID 1596 wrote to memory of 3960 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe
PID 1596 wrote to memory of 3960 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe
PID 3960 wrote to memory of 1884 | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 1884 | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2096 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2096 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 3620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1884 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe

"C:\Users\Admin\AppData\Local\Temp\9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd6ee1ab58,0x7ffd6ee1ab68,0x7ffd6ee1ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1732 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1456 --field-trial-handle=1800,i,6147078379435258174,1678477180012365195,131072 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 5076 -ip 5076

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 912

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 tcp
GB 216.58.213.14:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
GB 216.58.201.110:443 consent.youtube.com udp
RU 85.28.47.4:80 tcp
GB 142.250.200.46:443 play.google.com udp
RU 85.28.47.4:80 tcp
RU 85.28.47.4:80 tcp
GB 216.58.201.110:443 consent.youtube.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
IT 34.154.74.59:443 e2c59.gcp.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 52.111.227.11:443 tcp
RU 85.28.47.4:80 tcp
RU 85.28.47.4:80 tcp
GB 216.58.201.110:443 consent.youtube.com udp

Files

memory/1632-0-0x0000000000C10000-0x00000000010D1000-memory.dmp

memory/1632-1-0x00000000772C6000-0x00000000772C8000-memory.dmp

memory/1632-2-0x0000000000C11000-0x0000000000C3F000-memory.dmp

memory/1632-3-0x0000000000C10000-0x00000000010D1000-memory.dmp

memory/1632-5-0x0000000000C10000-0x00000000010D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 112179a520345a65b4d4cd4ecc995f2e
SHA1 a9ba41f75dc4ed07d16ba56b0c993fb92dcd9db3
SHA256 9c30515aae1822290be75d5cd8b51d266a97644e47876db97af07eb9dc098f1c
SHA512 f62c0459c9707c64f7c5922f0dbf70a623e410cf45ef3a15578825e95de6eeef5b103cdf2528bc3f6b12d3d91cdf9fe1f78cab3d1a930c94bfb3b414605153ea

memory/1632-17-0x0000000000C10000-0x00000000010D1000-memory.dmp

memory/1596-18-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/1596-19-0x00000000006D1000-0x00000000006FF000-memory.dmp

memory/1596-20-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/1596-21-0x00000000006D0000-0x0000000000B91000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\b800971c1f.exe

MD5 f7a1094ec901c30a546487c8aa2a3093
SHA1 5818379023c31c60cc63df13710b07ea8c791181
SHA256 579804532d286ba442de9a9f8b9a20a2d5239eb510558805fa18ec0717182e0f
SHA512 ada3d3b87f01ed5db7b0de44f94b128a154113e5ef0fcabf1117ee5250d171d5f74b637a783c71ab5e16c4b7427c089702e63a9080f5661d0d616c5a3c087af5

memory/5076-37-0x0000000000AF0000-0x00000000016DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\43f294799b.exe

MD5 b87032bd0a6e2a583084c5ea09eefc01
SHA1 b8fd32f5da82d0f0de0f1dad3859c64340942578
SHA256 89a7bae3205963426217394a546bd9510e1f94d2fd0c964c6e8d26188767d3ed
SHA512 c3efad22a434bcb1f456f4ed0d5155fbf8382a3283627e0da92c5238f18b902e9a5b3b63cec90b54f516b9125df698fbdd548c61e0e48a667cb06bb066515b91

\??\pipe\crashpad_1884_DJNIDQAUFJHJYMBD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/1596-101-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-107-0x0000000000AF0000-0x00000000016DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 939524ec525b2fe3131c04a345930d20
SHA1 22b9c6079daff8a5fdf22807e02c26648b6da51c
SHA256 e28b706e76411fb45fb10d94b4c4a12ef8e39c2f74ba14a8ff7f372a8b47981f
SHA512 d3227dc283be2356fdfd63427fcb7d5f9f36f612e2a655888f6f37c16a7e5e7be4c244a9530d2da6c02b55d241cf3d76b7d7135060578a78c42ae3babfa77be9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 24cba1bbb607ba3a44cb831e57f3bd2a
SHA1 632513dd1f50dda144604bbe9dd7d737172cd9fd
SHA256 efa26bb4a3951d7b841fc378d673e87c712c6961a7f13458b99da601c122b51e
SHA512 8a8704579f0e44e6a31ffe9319a992e796a6250790a8b878d5927c75787c731d606aa72bbdd798e6b66c6662af781258615a971c88740a7fc716177370cd2f35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f3de6902c94998f91bb14311e913746c
SHA1 7d687f6ec5f37f399047b8045ab470d1fafa8d0b
SHA256 9404fd82b554412df308c1f868c1681225d68df45492732876e969eefbb50e2a
SHA512 29233541cd919e31a4d0b663269310e9d72b556635567796112509999c2c13cce412fdae2318d762b0c4aeaad412094c5d3ffc495b16b55518b0c64f2b2da3da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e2479fcac8a44e75fa2b258270196a2b
SHA1 0dd0ce0347616c63f07bb35f6cfa877912b44473
SHA256 140858dd1c20dd0fb2cd167a9cbbac4007d6b17074898c5a0b0d1b520f0c4947
SHA512 b21048e56283d5895efa2a24ac2592900e083054dc03d928350f9a58a1fca3291072072eacc7907b13029d3cb9b32c8918ef18daf4d40b6037abcebc6c7aa143

memory/1596-130-0x00000000006D0000-0x0000000000B91000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1ba38ad2321012e595c89b3679bd8fef
SHA1 8f2b195e84dfb3994f2dd38c913fe0a5d5d7a75d
SHA256 b3ff2e236c7f3a9d2c04c70a1a9ae491a5c1243c2dd4c223eb6f3f1a7bbee61c
SHA512 b45fb355caba09faf03b6a30d02e3fb226fa8b9ff6334b71d85d35489d6c33e253d61dcdfe49a7c5b876b716f5e75e48cab90c2dde8e3eb7f97a87583ef5b03d

memory/1596-138-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-139-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-140-0x00000000006D0000-0x0000000000B91000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b56a23db159858737fdfd684c16beed0
SHA1 f11fad605fe5d05b1dde4512f67737a45daddebb
SHA256 29315c61d4407bdbdea20e8de3614321627749974777f4698f973559300ac098
SHA512 63863d2eb77a62e8a55bc5b33b99251f70481eab43eef2f261da29435d7788eb23c4c431d83bea035044866d6dfa5f72257d4e2093dca5bd0a081c85c838f1f1

memory/5076-146-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-147-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-148-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-149-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5080-151-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5080-153-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-154-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-164-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-165-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-166-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-167-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-169-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-170-0x0000000000AF0000-0x00000000016DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 be722ace9f053362364e3cee48b0b0b6
SHA1 3da9f4745aa756961dbaea7e735e0bd3c6106eb0
SHA256 5a4220e4e486ccba84ced4fa52db4650f688102469e1dc15348b9099b89be25e
SHA512 9e344a67c2f03736a3a117991043b797e014d22249b31aa3610c6dc62b5dbe972de7cfa92a90b2cfa5e5d1efb594f6305c741ab9c00b4e5f851194f8307547cc

memory/1596-189-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-190-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-191-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-192-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-193-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/1616-195-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/1616-196-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-197-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-198-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-199-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-200-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-201-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-207-0x00000000006D0000-0x0000000000B91000-memory.dmp

memory/5076-208-0x0000000000AF0000-0x00000000016DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 af3d7d0fb94c89d72136206056eb0799
SHA1 745d5e7e2465d0695780f62392c71781fb6b8e35
SHA256 9137cac386d636ef0d998491f0be170677a23decd6f2d3f3fb43cf6c7f3c6330
SHA512 0b66bba513eba2ced9b8a60901f514f7e0a064ef50b4cbb1d620674fecf460a3fa3a1a638df8d241c4c3e454f4735d6e5c144f09e42e77fd7b46630d9ee5a3b6

memory/5076-218-0x0000000000AF0000-0x00000000016DE000-memory.dmp

memory/1596-219-0x00000000006D0000-0x0000000000B91000-memory.dmp