Malware Analysis Report

2024-11-30 22:02

Sample ID 240704-wf87fs1dln
Target c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e
SHA256 c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e
Tags
amadey stealc 4dd39d jony discovery evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e

Threat Level: Known bad

The file c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e was found to be: Known bad.

Malicious Activity Summary

amadey stealc 4dd39d jony discovery evasion spyware stealer trojan

Amadey

Stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Reads data files stored by FTP clients

Checks BIOS information in registry

Reads user/profile data of web browsers

Checks computer location settings

Identifies Wine through registry keys

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 17:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 17:52

Reported

2024-07-04 17:55

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
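The registry and file indicators in the tables above are the kind of thing worth turning into a rule: the dropper, its `explorti.exe` copy and `KFIJEGCBGI.exe` each open the VirtualBox ACPI table name, read the BIOS version strings and probe for a Wine installation before the dropper writes a legacy Task Scheduler job to `C:\Windows\Tasks`. The following is an added example, not output of the sandbox or code from the malware: a small Python classifier that runs over endpoint events shaped like these rows and reports, per process, which anti-analysis probes and which staging or persistence artifacts it produced. The event dict format, the sample events and the "two or more probes plus a dropped artifact" threshold are assumptions made for the example; the VirtualBox rule is deliberately wider than the DSDT row on this page, since VirtualBox also exposes FADT and RSDT tables under the `VBOX__` name.

```python
r"""Flag anti-analysis probes and staging/persistence artifacts in endpoint events.

Added example for this report, not the sandbox's own output.  Rules are written
from the indicator rows on the page (ACPI\DSDT\VBOX__, SystemBiosVersion /
VideoBiosVersion, Software\Wine, C:\Windows\Tasks\*.job, the Temp\<hex>\explorti.exe
copy, the Temp\1000006001\ and Temp\1000007001\ payload directories).  The event
format, SAMPLE_EVENTS and the min_checks threshold are constructed for the example.
"""
import re
from collections import defaultdict

VBOX_ACPI = "anti-vm: VirtualBox ACPI table name"
BIOS_VER = "anti-vm: BIOS version strings"
WINE_KEY = "anti-sandbox: Wine marker key"
JOB_FILE = "persistence: legacy Task Scheduler .job file"
HEX_COPY = "staging: Temp\\<hex>\\<name>.exe copy (Amadey-style)"
PAYLOAD_DIR = "staging: Temp\\1xxxxxxxxx\\<hex>.exe payload directory"

REG = {"reg_open", "reg_query"}
FILE = {"file_create", "process_start"}

# (event types, regex over the path as the report prints it, label).
# VirtualBox publishes DSDT, FADT and RSDT tables under VBOX__; the page only
# shows the DSDT probe, so the first rule generalizes (assumption).
RULES = [
    (REG, re.compile(r"^\\REGISTRY\\MACHINE\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I), VBOX_ACPI),
    (REG, re.compile(r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I), BIOS_VER),
    (REG, re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[0-9-]+\\Software\\Wine$", re.I), WINE_KEY),
    (FILE, re.compile(r"^C:\\Windows\\Tasks\\[^\\]+\.job$", re.I), JOB_FILE),
    (FILE, re.compile(r"\\AppData\\Local\\Temp\\[0-9a-f]{10}\\[a-z]+\.exe$", re.I), HEX_COPY),
    (FILE, re.compile(r"\\AppData\\Local\\Temp\\1\d{9}\\[0-9a-f]{10}\.exe$", re.I), PAYLOAD_DIR),
]


def classify(events):
    """Map each process image to the sorted list of rule labels it triggered."""
    hits = defaultdict(set)
    for ev in events:
        for types, rx, label in RULES:
            if ev["type"] in types and rx.search(ev["path"]):
                hits[ev["process"]].add(label)
    return {proc: sorted(labels) for proc, labels in hits.items()}


def evasion_checks(labels):
    """Number of distinct anti-analysis probes among a process's labels."""
    return sum(1 for l in labels if l.startswith(("anti-vm", "anti-sandbox")))


def suspicious_processes(events, min_checks=2):
    """Processes that probe for an analysis environment (>= min_checks distinct
    probes) AND drop or launch something matching the staging/persistence rules.
    The threshold is an assumption for the example, not a vendor rule."""
    out = []
    for proc, labels in classify(events).items():
        stages = [l for l in labels if not l.startswith(("anti-vm", "anti-sandbox"))]
        if evasion_checks(labels) >= min_checks and stages:
            out.append(proc)
    return sorted(out)


# Constructed sample events, taken from the rows of this report.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
DROPPER = TMP + r"\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe"
EXPLORTI = TMP + r"\ad40971b6b\explorti.exe"
KFIJ = TMP + r"\KFIJEGCBGI.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
USER_HIVE = r"\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000"


def ev(type_, process, path):
    return {"type": type_, "process": process, "path": path}


SAMPLE_EVENTS = [
    ev("reg_open", DROPPER, r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    ev("reg_query", DROPPER, r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ev("reg_open", DROPPER, USER_HIVE + r"\Software\Wine"),
    ev("file_create", DROPPER, r"C:\Windows\Tasks\explorti.job"),
    ev("process_start", DROPPER, EXPLORTI),
    ev("reg_open", EXPLORTI, r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    ev("reg_query", EXPLORTI, r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    ev("reg_open", EXPLORTI, USER_HIVE + r"\Software\Wine"),
    ev("process_start", EXPLORTI, TMP + r"\1000007001\8f42cce065.exe"),
    ev("reg_open", KFIJ, r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    ev("reg_open", KFIJ, USER_HIVE + r"\Software\Wine"),
    # Benign control from the same report: Chrome reads BIOS\SystemManufacturer,
    # a different key from the *BiosVersion values, so no rule matches it.
    ev("reg_query", CHROME, r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    # Geo\Nation is read by cmd.exe as well as by the malware, so it is not a rule.
    ev("reg_query", r"C:\Windows\SysWOW64\cmd.exe", USER_HIVE + r"\Control Panel\International\Geo\Nation"),
]

if __name__ == "__main__":
    for proc, labels in classify(SAMPLE_EVENTS).items():
        print(proc, "->", ", ".join(labels))
    print("suspicious:", suspicious_processes(SAMPLE_EVENTS))
```

Two things the sample makes visible: the BIOS rule has to be anchored to the `*BiosVersion` values, because Chrome legitimately reads `HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer` in the same run, and `Geo\Nation` is useless on its own since `cmd.exe` queries it too. `KFIJEGCBGI.exe` trips the probes but drops nothing in this sample, so it is reported by `classify` but not by `suspicious_processes`.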

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645892004511931" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A 1
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe N/A 36
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 27

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe N/A 36
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4988 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe 3
PID 4528 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe 3
PID 4528 wrote to memory of 1972 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe 3
PID 1972 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 1572 wrote to memory of 1924 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 1572 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 31
PID 1572 wrote to memory of 736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 1572 wrote to memory of 3540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 18

Processes

C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe

"C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff964eaab58,0x7ff964eaab68,0x7ff964eaab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4272 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BKKFHIEGDH.exe"

C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe

"C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1888,i,7998204059142085504,2688421138435539390,131072 /prefetch:2
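Added example, not part of the sandbox output: a small triage pass over the Processes table above. It parses the image/command-line pairs, pulls out the executables run from the user's Temp directory, the payloads launched through cmd.exe /c start "" (KFIJEGCBGI.exe and BKKFHIEGDH.exe), and the URL the sample handed to Chrome, and it counts the Chrome --type= children so they can be set aside. The tag names and heuristics are mine; the sample list is an abridged copy of the table with the long Chrome flags cut down to the --type= switch. Worth keeping in mind when reading the signature tables further down: the renderer, gpu-process, utility and crashpad processes, elevation_service.exe, and the chrome.exe rows under AdjustPrivilegeToken, Modifies data under HKEY_USERS and Drops file in System32 directory are consistent with ordinary Chrome start-up after the sample opened https://www.youtube.com/account, not with actions of the sample itself.

```python
"""Triage of the report's Processes table (added example, not sandbox output).

The sandbox lists each process as its image path followed by the recorded
command line, or by nothing when none was captured.  The heuristics below
separate the sample's own execution chain from the Chrome process tree that
exists only because the malware opened the browser.
"""
import re
from collections import Counter

# Constructed from the report's Processes section (abridged: a few Chrome
# children are kept and their long flag lists are cut down to --type=...).
SAMPLE_PROCESSES = r'''
C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe
"C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe
"C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe"
C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe
"C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=6 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=5 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BKKFHIEGDH.exe"
C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe
"C:\Users\Admin\AppData\Local\Temp\KFIJEGCBGI.exe"
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
'''

USER_TEMP = re.compile(r'^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\', re.I)
CMD_START = re.compile(r'/c\s+start\s+""\s+"([^"]+)"', re.I)
CHROME_TYPE = re.compile(r'\s--type=([\w-]+)')
BARE_URL = re.compile(r'\s(https?://\S+)')


def parse_processes(text):
    """Return [{'image': ..., 'cmdline': ... or None}] in report order."""
    procs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('"') and procs and procs[-1]['cmdline'] is None:
            procs[-1]['cmdline'] = line      # command line of the preceding image
        else:
            procs.append({'image': line, 'cmdline': None})
    return procs


def classify(proc):
    """Tag one process entry; tags are descriptive, not verdicts."""
    image, cmd = proc['image'], proc['cmdline'] or ''
    name = image.rsplit('\\', 1)[-1].lower()
    tags = set()
    if USER_TEMP.match(image):
        tags.add('image-in-user-temp')
    if name == 'cmd.exe':
        m = CMD_START.search(cmd)
        if m:
            tags.add('cmd-start-launcher')
            if USER_TEMP.match(m.group(1)):
                tags.add('launches-temp-payload')
    if name == 'chrome.exe':
        t = CHROME_TYPE.search(cmd)
        if t:
            tags.add('chrome-child:' + t.group(1))   # renderer, gpu-process, ...
        else:
            tags.add('chrome-browser')
            if BARE_URL.search(cmd):
                tags.add('browser-opened-with-url')
    if not cmd:
        tags.add('no-cmdline-recorded')
    return tags


def triage(text):
    """Summarise the table: Temp executables, cmd-launched payloads, URLs, Chrome noise."""
    summary = {'temp_images': set(), 'launched_by_cmd_start': [],
               'browser_urls': [], 'chrome_children': Counter()}
    for p in parse_processes(text):
        tags = classify(p)
        if 'image-in-user-temp' in tags:
            summary['temp_images'].add(p['image'])
        if 'launches-temp-payload' in tags:
            summary['launched_by_cmd_start'].append(CMD_START.search(p['cmdline']).group(1))
        if 'browser-opened-with-url' in tags:
            summary['browser_urls'].append(BARE_URL.search(p['cmdline']).group(1))
        for t in tags:
            if t.startswith('chrome-child:'):
                summary['chrome_children'][t.split(':', 1)[1]] += 1
    return summary


if __name__ == '__main__':
    for key, value in triage(SAMPLE_PROCESSES).items():
        print(key, sorted(value) if isinstance(value, set) else value)
```

The cmd.exe /c start "" form is worth a detection of its own: an interactive shell spawned by an unsigned Temp executable solely to launch another unsigned Temp executable has no legitimate counterpart on a workstation.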

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 4.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 121.170.16.2.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 216.58.201.110:443 consent.youtube.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
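Added example, not sandbox output: extracting network indicators from the table above. The rows mix three kinds of traffic: DNS to 8.8.8.8 (forward queries and *.in-addr.arpa reverse lookups), the browser's TLS/QUIC sessions to Google and YouTube hosts that follow the chrome.exe launch, and cleartext HTTP to bare RU-geolocated addresses (77.91.77.81, 77.91.77.82, 85.28.47.4) with no hostname at all, which is the C2 traffic worth keeping. The parser copes with the mDNS row that has no Domain column, decodes PTR names back to addresses, and lists addresses that were reverse-resolved but never appear as a connection target. The category names are mine; the sample rows are a subset copied from the table.

```python
"""IOC extraction from the report's Network table (added example, not sandbox output).

Rows are 'Country Destination Domain Proto'.  The Domain column repeats the
bare IP when nothing was resolved and is missing entirely for the mDNS row.
"""
import ipaddress

# Constructed subset of the report's Network rows.
SAMPLE_NETWORK = """
Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
US 8.8.8.8:53 4.47.28.85.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.201.110:443 consent.youtube.com tcp
GB 142.250.200.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.201.110:443 consent.youtube.com udp
"""


def parse_rows(text):
    """Parse the table into dicts; tolerate the three-column mDNS row."""
    rows = []
    for line in text.strip().splitlines()[1:]:       # skip the header line
        parts = line.split()
        if len(parts) == 3:                          # no Domain column
            country, dest, proto = parts
            domain = ''
        else:
            country, dest, domain, proto = parts
        ip, port = dest.rsplit(':', 1)
        rows.append({'country': country, 'ip': ip, 'port': int(port),
                     'domain': domain, 'proto': proto})
    return rows


def ptr_to_ip(name):
    """'82.77.91.77.in-addr.arpa' -> '77.91.77.82'; None if not a PTR name."""
    suffix = '.in-addr.arpa'
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split('.')
    if len(octets) != 4:
        return None
    return '.'.join(reversed(octets))


def classify_row(row):
    ip = ipaddress.ip_address(row['ip'])
    if ip.is_multicast:
        return 'multicast-noise'                     # mDNS / SSDP chatter
    if row['port'] == 53 and row['proto'] == 'udp':
        return 'reverse-lookup' if ptr_to_ip(row['domain']) else 'dns-query'
    if row['port'] == 80 and row['domain'] in ('', row['ip']) and ip.is_global:
        return 'bare-ip-http'                        # cleartext, no hostname: C2 candidate
    if row['port'] == 443 and row['domain']:
        return 'named-host-443'                      # TLS (tcp) or QUIC (udp) to a real name
    return 'other'


def c2_candidates(rows):
    return sorted({f"{r['ip']}:{r['port']}" for r in rows
                   if classify_row(r) == 'bare-ip-http'})


def tls_hosts(rows):
    return sorted({r['domain'] for r in rows if classify_row(r) == 'named-host-443'})


def reverse_lookups_without_connection(rows):
    """Addresses that were PTR-resolved but never show up as a destination."""
    contacted = {r['ip'] for r in rows}
    looked_up = {ptr_to_ip(r['domain']) for r in rows
                 if classify_row(r) == 'reverse-lookup'}
    return sorted(ip for ip in looked_up if ip not in contacted)


if __name__ == '__main__':
    rows = parse_rows(SAMPLE_NETWORK)
    print('C2 candidates:', c2_candidates(rows))
    print('browser hosts:', tls_hosts(rows))
    print('resolved but not contacted:', reverse_lookups_without_connection(rows))
```

The three bare-IP HTTP endpoints are the indicators to block and hunt for; the Google and YouTube hosts are browser noise and belong on no blocklist. Where the same address also appears in the header's behavioral1 run, the overlap is a good sanity check that the C2 set is stable across detonations.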

Files

memory/4988-0-0x0000000000870000-0x0000000000D2B000-memory.dmp

memory/4988-1-0x00000000772E4000-0x00000000772E6000-memory.dmp

memory/4988-2-0x0000000000871000-0x000000000089F000-memory.dmp

memory/4988-3-0x0000000000870000-0x0000000000D2B000-memory.dmp

memory/4988-5-0x0000000000870000-0x0000000000D2B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 29af55c68d51c9ef3c35850bec56664d
SHA1 6e050f9b50ed1e6f81719951bb932dedd13e844f
SHA256 c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e
SHA512 8420e9a7461bd10557fe58195fb3e58fb45d4926fc4f45cd6c5feeb4bddf86e771ce71b088d5645bdcde768fe8c2496fb149dc8964d07d35004a3d4faa35f05e

memory/4528-18-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4988-17-0x0000000000870000-0x0000000000D2B000-memory.dmp

memory/4528-20-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-19-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-21-0x0000000000650000-0x0000000000B0B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe

MD5 f7a1094ec901c30a546487c8aa2a3093
SHA1 5818379023c31c60cc63df13710b07ea8c791181
SHA256 579804532d286ba442de9a9f8b9a20a2d5239eb510558805fa18ec0717182e0f
SHA512 ada3d3b87f01ed5db7b0de44f94b128a154113e5ef0fcabf1117ee5250d171d5f74b637a783c71ab5e16c4b7427c089702e63a9080f5661d0d616c5a3c087af5

memory/1784-37-0x0000000000110000-0x0000000000CFE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe

MD5 619f9806ab2fad61f931922dd30ede7f
SHA1 e37a5d0abee7f33f31001dfb6352f7282fae174a
SHA256 6948115e88783353bec40bf54a6d10c614fd1332848e6ce2f8a1932c918998ac
SHA512 3b6df4cd430ac31e10a4d957a995073bfe582fd3965d69a108d62d0d6429a26083e533fc954e734b1c1e16450ea258e86bec6923a24373ab842f231600ff6935

memory/1784-57-0x0000000061E00000-0x0000000061EF3000-memory.dmp

\??\pipe\crashpad_1572_LNUHUTTADRMLPQXP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

memory/4528-152-0x0000000000650000-0x0000000000B0B000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/1784-176-0x0000000000110000-0x0000000000CFE000-memory.dmp

memory/3292-180-0x0000000000EE0000-0x000000000139B000-memory.dmp

memory/3292-182-0x0000000000EE0000-0x000000000139B000-memory.dmp

memory/4528-183-0x0000000000650000-0x0000000000B0B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2b08d9ec1d86a82fd3f79becc7a89c32
SHA1 485c58b8ef01b4b092d9ce636f80c18e9360a816
SHA256 e61964a5274fa3b23c739e04362b8078f3ca827b4bafa1d00bbc9304ab60bb0c
SHA512 59e19ac16c1e246170237427a75257ec9be8d3728e6da98c2da61e67262d07fb8d73806567a4dc314182a3c54628f0c4858be0c5be8aafd6606d7b48be3c15c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a67b1ac4f28df8005652fe0bb5995e14
SHA1 d0c6dcd6271b2a563a7589c1864f3b04cd767a4a
SHA256 6b8d2d20129f2ada3741c0036d84021cc25f0b0f746a35f3e19bb2377b7870d4
SHA512 560d564358be6809702a64814e2966d1fd3efff74fce56090cc0de7db743f4d4712761d7bc610b4ec7e2783839fa0ec082cd3d8e2515ea22e2db881377912f11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ce25164127c20a55f9ffeb89cbbc0a43
SHA1 4e3b159946dcffdc3892dbd7c6da6f48194bd8ed
SHA256 a79838fbc9576882218267cd1bc9eec351edfc8922c946f461be5fe04ac7f463
SHA512 2b7dcff1f978076254f1a1fa0e71ca7fbc62cdf1d3e187d1abe6d7196bdf10143908b549893fd5b787fd5ab0f83070d633169039ae750980c4c867b426d34a8b

memory/4528-199-0x0000000000650000-0x0000000000B0B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 ccd6f028c7dc83e82209daefb4c7b140
SHA1 a7eeb487828f41eafce60fdf480c75db8eb4b93b
SHA256 fe7a3d8b535395cc6c2ffd8d9a3f50d017d11eb320abb48628aa06df26a33267
SHA512 3e27c6a9ae626c4d34aa95193b451f470fbb1b8d17867625d70d7c191b5ad2ef030303249d314e9f160f80e43dc4da246a3a7e784e9e0a89a473298550ca1dd1

memory/4528-209-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-210-0x0000000000650000-0x0000000000B0B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a1bea11fa3b59bd1c82e492d82f4a7c1
SHA1 7c04beed0b5580f8bc59fbcc2570e5fdc4f6e01d
SHA256 d13c93a4a3bba9b5076298030d3e59b0038a34ee2d8f18740db9cb30dbffe9b9
SHA512 28683fe356f283f3a701faaf61eb8c919b78b372384e08a2679df13e12b50bf49b745be140c9c826ccb153c5d2bdb0017836f6bc28e4e86d7ac9105c46fc89db

memory/4528-216-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-217-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-228-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/3672-229-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/3672-230-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-231-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-233-0x0000000000650000-0x0000000000B0B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3c90084edff82865bc0860c9d72d536e
SHA1 31ba4d35641e66d4ed070b2ba0793da959a3746b
SHA256 aafa3332092ce428e16cf2b1547647be7e52b13383521ffbc2430a1a686fc3e1
SHA512 def5bc2ed070cbe5179ac7346f50e3ecfa36eef258103278e6049329ad6a245ffbc68435f618b17540c85adce00248e72be9cec09c7d43483e5da5e44cb317b5

memory/4528-248-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-249-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-250-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/2240-253-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-252-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/2240-255-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-256-0x0000000000650000-0x0000000000B0B000-memory.dmp

memory/4528-262-0x0000000000650000-0x0000000000B0B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3308ddba54ef8328c81b12d78568ee75
SHA1 2fb55ccdc0da1f883828209b3bfc4f125405178e
SHA256 57208fd51b7afdf1859e7fde1a68258e8fb7a9f6497c918cf0fb8dc407bdf1db
SHA512 f139663be1a966d29ac87291e618099fe13a530e5add0ab7db8284054bb28cb7aa9de020d93f288f0ed57894f0828bed4b3e3f793ef63f6203e3bc88ca03b354

memory/4528-272-0x0000000000650000-0x0000000000B0B000-memory.dmp
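Added example, not sandbox output: sorting the Files section into indicators and noise. Two facts from the table drive it. First, explorti.exe in Temp\ad40971b6b carries the same SHA256 as the submitted sample, so it is a byte-for-byte self-copy; the memory dumps agree, since PID 4988's region 0x870000-0xD2B000 and the 0x650000-0xB0B000 regions in PIDs 4528, 3672 and 2240 are all 0x4BB000 bytes long. Second, the crashpad named pipe hashes to the empty-content digests (d41d8cd9.../e3b0c442...), which match every zero-byte file and must not be shipped as an IOC. Chrome profile files under User Data are written by the browser itself, and nss3.dll and mozglue.dll in C:\ProgramData are Firefox support libraries that stealers of this kind fetch to decrypt browser credential stores, so their hashes are usually those of legitimate Mozilla builds and the drop path is the better indicator. The labels are mine; the sample input is a subset of the section with the SHA512 lines dropped.

```python
"""Hash and memory-dump triage for the report's Files section (added example).

Dropped-file entries are a path followed by MD5/SHA1/SHA256/SHA512 lines;
memory dumps are named memory/<pid>-<seq>-<start>-<end>-memory.dmp.
"""
import re

SAMPLE_SHA256 = 'c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e'
EMPTY_SHA256 = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'  # SHA256 of zero bytes

# Constructed subset of the report's Files section (SHA512 lines omitted).
SAMPLE_FILES = r'''
memory/4988-0-0x0000000000870000-0x0000000000D2B000-memory.dmp
memory/4988-1-0x00000000772E4000-0x00000000772E6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
MD5 29af55c68d51c9ef3c35850bec56664d
SHA1 6e050f9b50ed1e6f81719951bb932dedd13e844f
SHA256 c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e
memory/4528-18-0x0000000000650000-0x0000000000B0B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000006001\7056ab227c.exe
MD5 f7a1094ec901c30a546487c8aa2a3093
SHA1 5818379023c31c60cc63df13710b07ea8c791181
SHA256 579804532d286ba442de9a9f8b9a20a2d5239eb510558805fa18ec0717182e0f
memory/1784-37-0x0000000000110000-0x0000000000CFE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000007001\8f42cce065.exe
MD5 619f9806ab2fad61f931922dd30ede7f
SHA1 e37a5d0abee7f33f31001dfb6352f7282fae174a
SHA256 6948115e88783353bec40bf54a6d10c614fd1332848e6ce2f8a1932c918998ac
\??\pipe\crashpad_1572_LNUHUTTADRMLPQXP
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
C:\ProgramData\nss3.dll
MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
C:\ProgramData\mozglue.dll
MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
memory/3672-229-0x0000000000650000-0x0000000000B0B000-memory.dmp
memory/2240-253-0x0000000000650000-0x0000000000B0B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
MD5 3c90084edff82865bc0860c9d72d536e
SHA1 31ba4d35641e66d4ed070b2ba0793da959a3746b
SHA256 aafa3332092ce428e16cf2b1547647be7e52b13383521ffbc2430a1a686fc3e1
'''

DUMP_RE = re.compile(r'^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$')
HASH_RE = re.compile(r'^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$')


def parse_files(text):
    """Return (files, dumps): files = [(path, {alg: hex})], dumps = [(pid, start, end)].

    A list, not a dict, because the report lists the same path twice when a
    file was modified twice (Network Persistent State above).
    """
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DUMP_RE.match(line)
        if m:
            dumps.append((int(m.group(1)), int(m.group(3), 16), int(m.group(4), 16)))
            current = None
            continue
        h = HASH_RE.match(line)
        if h and current is not None:
            current[1][h.group(1)] = h.group(2)
        else:
            current = (line, {})
            files.append(current)
    return files, dumps


def classify_path(path, hashes, sample_sha256=SAMPLE_SHA256):
    sha = hashes.get('SHA256')
    low = path.lower()
    if sha == sample_sha256:
        return 'self-copy-of-sample'
    if sha == EMPTY_SHA256:
        return 'empty-content-not-an-ioc'       # matches every empty file
    if '\\google\\chrome\\user data\\' in low:
        return 'browser-profile-artifact'       # written by Chrome itself
    if low.endswith(('.exe', '.dll')):
        return 'dropped-pe'
    return 'other'


def pe_hash_iocs(files):
    """SHA256 values worth pivoting on: dropped PEs plus the self-copy."""
    return sorted({h['SHA256'] for p, h in files
                   if classify_path(p, h) in ('dropped-pe', 'self-copy-of-sample')})


def regions_by_size(dumps):
    """Group dumped regions by length; equal lengths across PIDs hint at one image."""
    out = {}
    for pid, start, end in dumps:
        out.setdefault(end - start, set()).add(pid)
    return out


if __name__ == '__main__':
    files, dumps = parse_files(SAMPLE_FILES)
    for path, hashes in files:
        print(classify_path(path, hashes), path)
    for size, pids in sorted(regions_by_size(dumps).items()):
        print(hex(size), sorted(pids))
```

When using the output, pair the ProgramData DLL hashes with their path: a hit on the hash alone will also fire on every Firefox installation, whereas nss3.dll or mozglue.dll appearing directly under C:\ProgramData is unusual on its own.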

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 17:52

Reported

2024-07-04 17:55

Platform

win11-20240419-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
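Added example, not sandbox output: turning the registry rows from the Identifies VirtualBox, Checks BIOS information, Identifies Wine, Checks processor information and Enumerates system info tables above into per-process categories. The point is the combination: the sample, its explorti.exe copy and EGHCBKKKFH.exe each open the VBOX__ ACPI node, read SystemBiosVersion/VideoBiosVersion and probe HKCU\Software\Wine, while chrome.exe only reads the SMBIOS manufacturer and product strings and 7f6927a58b.exe only the CPU name, which on their own are ordinary. The category labels, the rule list and the two-category threshold are mine; the sample rows are copied from those tables.

```python
"""Classify sandbox registry-access rows into anti-analysis categories
(added example, not part of the sandbox output).

Row layout in the report: '<Description> <Key path> <Process image> <Target>'.
"""
import re
from collections import defaultdict

# Constructed from the behavioral2 signature tables.
SAMPLE_ROWS = r'''
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
'''

ROW_RE = re.compile(r'^(?P<desc>Key opened|Key value queried|Key created)\s+'
                    r'(?P<key>\\REGISTRY\\\S+)\s+'
                    r'(?P<proc>[A-Za-z]:\\.+?)\s+'      # image path may contain spaces
                    r'(?P<target>\S+)$')

# First matching rule wins, so the specific BiosVersion rule precedes the SMBIOS one.
RULES = [
    (re.compile(r'\\HARDWARE\\ACPI\\DSDT\\VBOX__', re.I), 'vm-check:virtualbox-acpi'),
    (re.compile(r'\\DESCRIPTION\\System\\(System|Video)BiosVersion$', re.I), 'vm-check:bios-version-string'),
    (re.compile(r'\\Software\\Wine$', re.I), 'env-check:wine'),
    (re.compile(r'\\DESCRIPTION\\System\\CentralProcessor\\0', re.I), 'fingerprint:cpu'),
    (re.compile(r'\\DESCRIPTION\\System\\BIOS(\\|$)', re.I), 'fingerprint:smbios'),
]
EVASION_PREFIXES = ('vm-check:', 'env-check:')


def parse_rows(text):
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError('unrecognised row: ' + line)
        rows.append(m.groupdict())
    return rows


def classify_key(key):
    for pattern, label in RULES:
        if pattern.search(key):
            return label
    return 'unclassified'


def categories_by_process(rows):
    """{image basename: set(labels)} for every process that appears in the rows."""
    out = defaultdict(set)
    for r in rows:
        name = r['proc'].rsplit('\\', 1)[-1]
        out[name].add(classify_key(r['key']))
    return dict(out)


def anti_analysis_processes(rows, min_categories=2):
    """Processes hitting at least min_categories distinct evasion checks.

    One SMBIOS or CPU query is ordinary; stacking the VirtualBox ACPI node,
    the BIOS version strings and the Wine key is the anti-analysis pattern.
    """
    cats = categories_by_process(rows)
    return sorted(name for name, labels in cats.items()
                  if sum(1 for l in labels if l.startswith(EVASION_PREFIXES)) >= min_categories)


if __name__ == '__main__':
    rows = parse_rows(SAMPLE_ROWS)
    for name, labels in sorted(categories_by_process(rows).items()):
        print(name, sorted(labels))
    print('anti-analysis:', anti_analysis_processes(rows))
```

The same rule list applies unchanged to Sysmon event ID 12/13 registry telemetry from a real host, where the stacked VBOX__ plus BiosVersion plus Software\Wine sequence from an unsigned executable under %TEMP% is a reasonable hunting query on its own.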

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645891982280768" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3380 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2512 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe
PID 2512 wrote to memory of 4220 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe
PID 4220 wrote to memory of 3240 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3240 wrote to memory of 3484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3240 wrote to memory of 3748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3240 wrote to memory of 2456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3240 wrote to memory of 4336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe

"C:\Users\Admin\AppData\Local\Temp\c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2328cc40,0x7fff2328cc4c,0x7fff2328cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,10429886328093471042,8886025629328357103,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1808 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,10429886328093471042,8886025629328357103,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,10429886328093471042,8886025629328357103,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2192 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,10429886328093471042,8886025629328357103,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,10429886328093471042,8886025629328357103,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,10429886328093471042,8886025629328357103,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3560 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,10429886328093471042,8886025629328357103,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4696 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FBGHCGCAEB.exe"

C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe

"C:\Users\Admin\AppData\Local\Temp\EGHCBKKKFH.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4816,i,10429886328093471042,8886025629328357103,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4348 /prefetch:8

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
RU 85.28.47.4:80 85.28.47.4 tcp
GB 216.58.213.14:443 www.youtube.com tcp
GB 216.58.201.110:443 consent.youtube.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
GB 142.250.200.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.201.110:443 consent.youtube.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.201.110:443 consent.youtube.com udp

Files

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 29af55c68d51c9ef3c35850bec56664d
SHA1 6e050f9b50ed1e6f81719951bb932dedd13e844f
SHA256 c4e0af18aa1069ff5e0468ed2c5b0e08b3cf453752ca73f59a88223d72a8d20e
SHA512 8420e9a7461bd10557fe58195fb3e58fb45d4926fc4f45cd6c5feeb4bddf86e771ce71b088d5645bdcde768fe8c2496fb149dc8964d07d35004a3d4faa35f05e

C:\Users\Admin\AppData\Local\Temp\1000006001\7f6927a58b.exe

MD5 f7a1094ec901c30a546487c8aa2a3093
SHA1 5818379023c31c60cc63df13710b07ea8c791181
SHA256 579804532d286ba442de9a9f8b9a20a2d5239eb510558805fa18ec0717182e0f
SHA512 ada3d3b87f01ed5db7b0de44f94b128a154113e5ef0fcabf1117ee5250d171d5f74b637a783c71ab5e16c4b7427c089702e63a9080f5661d0d616c5a3c087af5

C:\Users\Admin\AppData\Local\Temp\1000007001\7056ab227c.exe

MD5 619f9806ab2fad61f931922dd30ede7f
SHA1 e37a5d0abee7f33f31001dfb6352f7282fae174a
SHA256 6948115e88783353bec40bf54a6d10c614fd1332848e6ce2f8a1932c918998ac
SHA512 3b6df4cd430ac31e10a4d957a995073bfe582fd3965d69a108d62d0d6429a26083e533fc954e734b1c1e16450ea258e86bec6923a24373ab842f231600ff6935

\??\pipe\crashpad_3240_SRWCKSHTAGWNQFJH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 5f56201f1f11c05c6b35937e4b43e396
SHA1 e45737328048d0f94f0b70ead2c55cd8572a627d
SHA256 f0ba73f373c49fe5aaeccb22c1b024c72dc192510e90f420543c2613166e9a41
SHA512 4f4696497ec8d0d72fa8c613189a664ee668c1b7086d7621efa28253685e5b4980d85cf1e61353362400b69832d19c1bdf2a216c371b3b015ce6625e1882db81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7cb530a41d7a633f926b30af44e97eaa
SHA1 c722724c42e73505c44e119523754ddcc53d02d3
SHA256 50e9eaa4a170eecc3c9216ca105e17ac179e1ef726ff023b58e6097cdc388f73
SHA512 4e034efcd646ffad7428a261a80c827d06ed2a9f1b2ef8fb43ade481d21255ab7ab6b3de24f7ee7360d18095d180c94f48e96aee7a56e91b4e1af9258645150c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ede9e6f68044f0717f260dce4d7659c0
SHA1 12ba3071d3ea8393113b8f1d681cde999a39816b
SHA256 f2621baf521c7587d782304230517b1dcab02bf879c21ee206334edd56a54561
SHA512 34e8cee81640d0e2e75ac1195490b87f4d5c8a6729b5994c62bab8a350f800b6a6f8e00f9cc31a24980663d90dcad6822912d5d09a1d6613341f08f66ab8b32b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df752ef85d1b8fa073171dd43633e05c
SHA1 384d93aaff3561f8e6c83f13520665c5811ba4a8
SHA256 d3131ae93e1b140ed9c77939b6d80bedbe411bc4b7cc000c2288dfbb1073b955
SHA512 ca9010de1efeb025ae11f370c85ad7bcf1e6f7c6c6400a733bdc66f84b1bdcad2f49282fb7fceeca985c1e5104ec57fa790874963fb67cbec7d0490ad9081316

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 abc5a9c520b12eb8c550a98b57682d22
SHA1 869e8ec811103325dfa59ef2e6bfe0d21b1bcaf7
SHA256 e784775524b5091d9a8c2977643b05b91668125ec90ca8edf26b8c9f39b84d09
SHA512 b35404de0ffa13e92f6baf3a70189b9e22cdba8a1038415a85d3d38bc7d53b81a95fc5d76db10158f6eeefd2befde50030e68eaef2447697ba0a16113f95fae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1224d04c9b178912703b1fddf11024af
SHA1 ceba2401b7418e9029477eee64e2eb3c7bc582d1
SHA256 21f5f6245f27fd7b387ecf0aeba55f5be4ab74b6c1af1ac7e4fdc0cf00bddac6
SHA512 5a9e916da0c75b29677f23b7e460ad9203eafdc3a3a6609392e3e89b314c4d2974286cc00e63dfb18b2125cb4d3d6f7efc080dfdc0b98a1224a7a2f8a0eb7f35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 951438439c3bd930b2e2303483ac1068
SHA1 464f96cdeff1df59599748f7ba3c7c748eaae22b
SHA256 aa152ab9e711ec8c9915ba350fc69210750ada41d8c7fd7aab69c5bb21175e7b
SHA512 ba6ee2b99226df4d03d49736ab8acc5ea0b510c41c36fd2c83ebcbbf317efb1d7540be71efb4a9e5136a343f7cd8f2502fe29eaa053d4394516cd313a636ad72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 210e610e6060d01b1827815b20518202
SHA1 ae2fe17e6e15a51fdf8c815e1bed6c90c5db9ff5
SHA256 1ecca689479dac726b61ffb7830271d0657db92bdd360c8f08a4249a5255081d
SHA512 5309a58e3da0473771b764e75b5cb1bc2668c11c85db6b9bd4c4f981db7837403c086b1fd34be3f2423f37be012075a4f0820607316d15a3991337a411dabc4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 df6dda398d9eafa655adec2883b5d395
SHA1 afa8b28332ef59a2f3c9154300d3846348607b6e
SHA256 9a59f1ce22716288b6cf922e05b0ed5d6d1215ec93161471293c8dde2bbc1418
SHA512 25d3ef26be6bcef50fed71b107004076c5d7eda663761c36c07443ee4562dd7f2149f5be3f0cc954d06ca1d26abf1b753ab2aa655ffd1dca9375c311839bd54f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 78beb425626156558c63ce9a8891c762
SHA1 fa43ce962adf72a186177e294a0f360cd96a646f
SHA256 ebcc13e32dfbcb9f03f8ae8ad569511c4b289674d74c334851f4f1d80e6d8fb8
SHA512 450517e9c3bd4021c7ba15d8e6090bb773dd285135a216e4cc0bdcb83c14e3a1b323978f2ba45ea948aa503dddca86459c8e65dcd25d1387c6da7b33a4e6261b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 afcd0334d5b7c33b3891c2266bdd3eb7
SHA1 ad3d593e1181e9a462c759c0cbb8d0a275f15834
SHA256 d797fb2766f1cb8b3c7809eff4ff6013771c77f62a9b7bb03fafb13210e79015
SHA512 1542ab15becde233998fa77f3d454808c0a461e45ae56618d1fe2224285f0f7f0c13af88bdde3d8956dc0de8631473790dadd0623ef6424c2cbc364e5a8c4e46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b1064765c4e2dc6a4893166e949cbd51
SHA1 3c6607c511026c26d5ef98e97edddcd7f304e6dc
SHA256 2bc6d90685f0d4ff250c7dd76e36982af6dfcc582ac81fc17896b3ecf3e61c78
SHA512 28048297a01049e3a834dce2203993b29d6a4385e2964e5100a1f14bf813da2335443fe9b51326b99f0ee1c75259ef7162a67f51fd43afa14db74c14d324b3a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
