Malware Analysis Report

2024-11-30 22:01

Sample ID 240704-w54m9ssemj
Target 9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a
SHA256 9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a
Tags
amadey stealc 4dd39d nice discovery evasion spyware stealer trojan jony
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a

Threat Level: Known bad

The file 9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d nice discovery evasion spyware stealer trojan jony

Amadey

Stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Checks computer location settings

Reads data files stored by FTP clients

Identifies Wine through registry keys

Loads dropped DLL

Reads user/profile data of web browsers

Checks BIOS information in registry

Executes dropped EXE

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Enumerates physical storage devices

Program crash

Unsigned PE

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 18:31

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 18:31

Reported

2024-07-04 18:33

Platform

win10v2004-20240704-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description | Indicator | Process | Target | Hits
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A | 3
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | N/A | 1

Downloads MZ/PE file

Checks BIOS information in registry

Description | Indicator | Process | Target | Hits
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A | 3
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | N/A | 1
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | N/A | 1
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A | 3

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000007001\6d5c7368aa.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target | Hits
Key opened | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | N/A | 1
Key opened | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | N/A | 3

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Tasks\explorti.job | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target | Hits
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 3

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Hits
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Hits
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | N/A | 1
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\6d5c7368aa.exe | N/A | 36
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 27

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Hits
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\6d5c7368aa.exe | N/A | 36
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 24

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Hits
PID 824 wrote to memory of 2720 | N/A | C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe | C:\Windows\SysWOW64\cmd.exe | 3
PID 824 wrote to memory of 4364 | N/A | C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe | C:\Windows\SysWOW64\cmd.exe | 3
PID 2720 wrote to memory of 3152 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | 3
PID 3152 wrote to memory of 4340 | N/A | C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | 3
PID 4340 wrote to memory of 1316 | N/A | C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe | C:\Users\Admin\AppData\Local\Temp\1000007001\6d5c7368aa.exe | 3
PID 1316 wrote to memory of 4772 | N/A | C:\Users\Admin\AppData\Local\Temp\1000007001\6d5c7368aa.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 4772 wrote to memory of 2392 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 4772 wrote to memory of 4148 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 31
PID 4772 wrote to memory of 2228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 4772 wrote to memory of 4872 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 12

Processes

C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe

"C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EHDHIDAEHC.exe"

C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe

"C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\6d5c7368aa.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\6d5c7368aa.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8327eab58,0x7ff8327eab68,0x7ff8327eab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 --field-trial-handle=2008,i,3839227902371150841,3690341830479699182,131072 /prefetch:2

Network

Country Destination Domain Proto
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 30.47.28.85.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.16.238:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 142.250.200.14:443 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp

Files

memory/824-0-0x0000000000C80000-0x0000000001874000-memory.dmp

memory/824-1-0x000000007EDF0000-0x000000007F1C1000-memory.dmp

memory/824-2-0x0000000061E00000-0x0000000061EF3000-memory.dmp

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/824-76-0x0000000000C80000-0x0000000001874000-memory.dmp

memory/824-78-0x0000000000C80000-0x0000000001874000-memory.dmp

memory/824-79-0x000000007EDF0000-0x000000007F1C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CBGHCAKKFB.exe

MD5 29af55c68d51c9ef3c35850bec56664d
SHA1 6e050f9b50ed1e6f81719951bb932dedd13e844f
SHA256 c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e
SHA512 8420e9a7461bd10557fe58195fb3e58fb45d4926fc4f45cd6c5feeb4bddf86e771ce71b088d5645bdcde768fe8c2496fb149dc8964d07d35004a3d4faa35f05e

memory/3152-83-0x0000000000490000-0x000000000094B000-memory.dmp

memory/4340-95-0x0000000000390000-0x000000000084B000-memory.dmp

memory/3152-97-0x0000000000490000-0x000000000094B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\347e891e7e.exe

MD5 986af30dbc8b65e91a269a4c758abff4
SHA1 897b451a91d8d0ec906c6209499bac27347679b5
SHA256 dab543deff67c7c3cceb94f866efe2f608b75a4591ac98deab94005013abf84c
SHA512 b1d32a5362cc1387d3780b3f27c845bcea5ad0f6f00312bdb25b70705c79cedd55d675d97e6db07fafa20dc96c55863d5a8c327067e22c4baf0d790ac83a05ce

C:\Users\Admin\AppData\Local\Temp\1000007001\6d5c7368aa.exe

MD5 619f9806ab2fad61f931922dd30ede7f
SHA1 e37a5d0abee7f33f31001dfb6352f7282fae174a
SHA256 6948115e88783353bec40bf54a6d10c614fd1332848e6ce2f8a1932c918998ac
SHA512 3b6df4cd430ac31e10a4d957a995073bfe582fd3965d69a108d62d0d6429a26083e533fc954e734b1c1e16450ea258e86bec6923a24373ab842f231600ff6935

\??\pipe\crashpad_4772_GJJLMAWOPIHKOVBK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4340-180-0x0000000000390000-0x000000000084B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 10388bb07b58fcc96827fb93af39df80
SHA1 56d04140742aa69e46fc80a77775b24991f6ac20
SHA256 e465de4db13048a48ca8b9ca30f15d11a11bbca947ac322d5d665dda040c9690
SHA512 346a04277379a6675d6547c94ad17b5cb208edbaeaf8148c2a0b9b4808bfc8916a6aa7a3adf0a57fdd0567593d0321f5eea9d5fd70fc980dd4f6e8788cd88f3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 041db168d43f0901ccc3f57559d3e95f
SHA1 e2f7af8dafc9fea4fb11808e755b97ccf77861f2
SHA256 63366b5b310bc9765b347c4b455e4b5acc0227e1b10ed29ec19b55d3772c01c9
SHA512 faffe827e4f4c0eaab3dec7b147e17410efbd6d7f2d24e5faf1fda90a7d2ea06b1ba36291791c5d52499a75298f64a70beefa18834a904b912a8d591012e79fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30d2701675a87b62f07ad9fd17200778
SHA1 cd95931bce40438c313c3d83743c74f49918b2f1
SHA256 1959208f673002a22d88a2feb587a40e47798eb0ece6eb15c287498cc89b8470
SHA512 cdad3a7805e734e626df88346bc0e75a82f1af7d8049c5a44c86d6062fe675cb7f2d6b4908644412ac34a02dd6e499e799a283036aba080666a00ca93beaf52a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9e62658d754a26beba3b13b21d07b196
SHA1 8e985fab786211e5db38d7f0b7d66e2507c54a43
SHA256 2a5a0112fef3258538bd5f3c01d6659354392476d886fcc6932578eeafdcd196
SHA512 73e2d3cc3aed598888882a06854ec7d567695a3f7982a45d7f1f185a1ea466254cf3cf96b8148b7c4a8c243a51e7c80704eab128c60e89fb659579865fcfbe66

memory/4340-203-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-206-0x0000000000390000-0x000000000084B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2fb177063cd1b7c5e199243dd1e89a7a
SHA1 4dcadfe2dca7aeab337a3205c75ab1134cf45179
SHA256 dedf4c6f1d3f22e619b2ba4674b5b41b04da658159c35015040617c069146d04
SHA512 4478e3718bf0a8cce3c8607cafee15e9f68488566b3df76ceba5b5e18fc99b54324c2f881b87443a091ce1eff5afbfd43298a23ba314fcf073fc11158a42fed4

memory/772-213-0x0000000000390000-0x000000000084B000-memory.dmp

memory/772-215-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-216-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-217-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-227-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-228-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-230-0x0000000000390000-0x000000000084B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 812c04600187c4e6ab5d62143b48cc3e
SHA1 786fa0d308485587aefec0958e055c3c57d6c7c9
SHA256 39c91bf47223cca71aa5412dec5ec1bf674cf2c58333a9ebccf61283d666ae7d
SHA512 9a5cb7200993d8261d74fa052b6f8e1200f6d2b4058330a09e01bbdd0ac1e230146b00abd45c31f8eefdae85a33920f59b65afb57412d26867fd89333b7f011a

memory/4340-249-0x0000000000390000-0x000000000084B000-memory.dmp

memory/1208-251-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-252-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-253-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-254-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-255-0x0000000000390000-0x000000000084B000-memory.dmp

memory/4340-261-0x0000000000390000-0x000000000084B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 18:31

Reported

2024-07-04 18:33

Platform

win11-20240611-en

Max time kernel

149s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645914978611251" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4008 wrote to memory of 4460 N/A C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe C:\Windows\SysWOW64\cmd.exe
PID 4008 wrote to memory of 3152 N/A C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe C:\Windows\SysWOW64\cmd.exe
PID 4460 wrote to memory of 4260 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe
PID 4260 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 3792 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe
PID 3792 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe
PID 1888 wrote to memory of 3332 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3332 wrote to memory of 1152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3332 wrote to memory of 2792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3332 wrote to memory of 1080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3332 wrote to memory of 1804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe

"C:\Users\Admin\AppData\Local\Temp\9f5b516487cc6c3218efb06cb2ebcc72ce724dc64aa84d217464af873c048b7a.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FCGCGDHJEG.exe"

C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe

"C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc09fab58,0x7ffbc09fab68,0x7ffbc09fab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 --field-trial-handle=1820,i,2183096761440867034,16634582365082203357,131072 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1136 -ip 1136

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 868

Network

Files

C:\ProgramData\nss3.dll

C:\ProgramData\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\CGIJECFIEC.exe

C:\Users\Admin\AppData\Local\Temp\1000006001\2ab9d737ee.exe

C:\Users\Admin\AppData\Local\Temp\1000007001\07c8e4acf3.exe

\??\pipe\crashpad_3332_PKUJMWFJNTCYAIYQ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
