Malware Analysis Report

2024-11-30 22:03

Sample ID 240704-yvgrvsyeqg
Target eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad
SHA256 eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad
Tags
amadey 4dd39d evasion trojan stealc nice discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad

Threat Level: Known bad

The file eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad was found to be: Known bad.

Malicious Activity Summary

amadey 4dd39d evasion trojan stealc nice discovery spyware stealer

Amadey

Stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Identifies Wine through registry keys

Checks BIOS information in registry

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Reads data files stored by FTP clients

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-04 20:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 20:06

Reported

2024-07-04 20:10

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe"

Signatures

Amadey

trojan amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A (4 events)
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A (4 events)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A (4 events)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A (4 events)

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A
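The evasion and persistence rows in this section (the VBOX__ ACPI table key, SystemBiosVersion/VideoBiosVersion, the Software\Wine key, and explorti.job dropped into C:\Windows\Tasks) translate directly into host-level detection logic. The Python below is an added example, not part of the sandbox report and not code from the sample; the Event record shape, the constructed event list and the alert threshold are assumptions made for the example. It scores only processes running from a user's Temp folder, because the behavioral2 section shows chrome.exe reading BIOS identity keys too, and a rule that fired on every BIOS read would be noise.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable

# Registry paths the report shows the sample and its dropped copy touching,
# matched case-insensitively against the tail of the full key path.
VM_FINGERPRINT_KEYS = {
    "vbox_acpi": re.compile(r"\\HARDWARE\\ACPI\\DSDT\\VBOX__$", re.I),
    "system_bios": re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion$", re.I),
    "video_bios": re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion$", re.I),
    "wine": re.compile(r"\\Software\\Wine$", re.I),
}
# Legacy scheduled-task job file, like C:\Windows\Tasks\explorti.job in the report.
TASK_JOB = re.compile(r"^C:\\Windows\\Tasks\\[^\\]+\.job$", re.I)
# Only processes running out of a user's Temp folder are scored: installed software
# reads BIOS identity too (see the chrome.exe rows under "Enumerates system info").
USER_TEMP = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)


@dataclass(frozen=True)
class Event:
    """Constructed telemetry record; kind is 'reg_open', 'reg_query' or 'file_create'."""
    kind: str
    image: str   # full path of the acting process
    target: str  # registry key path or file path


def score_processes(events: Iterable[Event]) -> dict[str, dict]:
    """Aggregate per-process signals and flag images that combine VM fingerprinting
    with persistence, or that probe more than one fingerprint family."""
    signals: dict[str, dict] = defaultdict(lambda: {"vm_checks": set(), "task_jobs": []})
    for ev in events:
        if not USER_TEMP.match(ev.image):
            continue
        rec = signals[ev.image]
        if ev.kind in ("reg_open", "reg_query"):
            for name, pat in VM_FINGERPRINT_KEYS.items():
                if pat.search(ev.target):
                    rec["vm_checks"].add(name)
        elif ev.kind == "file_create" and TASK_JOB.match(ev.target):
            rec["task_jobs"].append(ev.target)

    verdicts: dict[str, dict] = {}
    for image, rec in signals.items():
        checks = sorted(rec["vm_checks"])
        # Threshold is an assumption of this example, not a published rule.
        flagged = len(checks) >= 2 or (len(checks) == 1 and bool(rec["task_jobs"]))
        verdicts[image] = {"vm_checks": checks, "task_jobs": list(rec["task_jobs"]), "flagged": flagged}
    return verdicts


# Constructed events mirroring rows from the behavioral1 tables above.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    Event("reg_open", SAMPLE, r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("reg_query", SAMPLE, r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    Event("reg_open", SAMPLE, r"\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine"),
    Event("file_create", SAMPLE, r"C:\Windows\Tasks\explorti.job"),
    Event("reg_open", DROPPED, r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("reg_query", DROPPED, r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    # Chrome reads BIOS identity as well (behavioral2 shows this); it must not be flagged.
    Event("reg_query", CHROME, r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
]

if __name__ == "__main__":
    for image, v in score_processes(SAMPLE_EVENTS).items():
        print("ALERT" if v["flagged"] else "ok   ", image, v["vm_checks"], v["task_jobs"])
```

Run stand-alone, it raises an alert for the submitted sample (three fingerprint families plus the .job drop) and for explorti.exe (two families), and never scores chrome.exe at all. A single BIOS read from a Temp binary is deliberately below the threshold; installers and updaters do that legitimately.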

Processes

C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe

"C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Network

Country Destination Domain Proto
RU 77.91.77.82:80 tcp
RU 77.91.77.82:80 tcp

Files

memory/2788-0-0x00000000004A0000-0x000000000095D000-memory.dmp

memory/2788-1-0x00000000775A4000-0x00000000775A6000-memory.dmp

memory/2788-2-0x00000000004A1000-0x00000000004CF000-memory.dmp

memory/2788-3-0x00000000004A0000-0x000000000095D000-memory.dmp

memory/2788-5-0x00000000004A0000-0x000000000095D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 32990cfa629b89533fb2a04ae8e966c5
SHA1 1438ae4069286ca2174ee15b8c5c7cb169c93f1d
SHA256 eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad
SHA512 3db1b9d51585a66166c579ac1f502a65f77fac95bbba7d9f497b1c82d585ac6aaf095d69279c99250ca13f04bf9e8f048bf61a6113ab879c3f6cfabae0c5a0c8

memory/1068-18-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/2788-16-0x00000000004A0000-0x000000000095D000-memory.dmp

memory/1068-20-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-19-0x0000000000AB1000-0x0000000000ADF000-memory.dmp

memory/1068-21-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-22-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-23-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-24-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-25-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/4100-27-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/4100-28-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/4100-29-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/4100-30-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-31-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-32-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-33-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-34-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-35-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-36-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/4044-38-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/4044-40-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-41-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-42-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-43-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-44-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-45-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/1068-46-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

memory/4448-48-0x0000000000AB0000-0x0000000000F6D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-04 20:06

Reported

2024-07-04 20:08

Platform

win11-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A (3 events)
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\DBKFHJEBAA.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\DBKFHJEBAA.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\DBKFHJEBAA.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A (3 events)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A (3 events)
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe N/A (3 events)
Key opened \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\DBKFHJEBAA.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\explorti.job C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645971982144456" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (3 events)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 events)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 events)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe N/A (36 events)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (27 events)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe N/A (36 events)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (12 events)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2316 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2316 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 2316 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
PID 4048 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe
PID 4048 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe
PID 4048 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe
PID 4048 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe
PID 4048 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe
PID 4048 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe
PID 2424 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 4304 N/A C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4304 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4304 wrote to memory of 4780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4304 wrote to memory of 3160 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4304 wrote to memory of 3660 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4304 wrote to memory of 392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe

"C:\Users\Admin\AppData\Local\Temp\eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

"C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe"

C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe

"C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c0fcab58,0x7ff8c0fcab68,0x7ff8c0fcab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4152 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4168 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\DBKFHJEBAA.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CFIEBKEHCA.exe"

C:\Users\Admin\AppData\Local\Temp\DBKFHJEBAA.exe

"C:\Users\Admin\AppData\Local\Temp\DBKFHJEBAA.exe"

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1844,i,10037026736497055724,3130966315003766130,131072 /prefetch:2

Network

Country Destination Domain Proto
RU 77.91.77.82:80 77.91.77.82 tcp
RU 77.91.77.81:80 77.91.77.81 tcp
US 8.8.8.8:53 82.77.91.77.in-addr.arpa udp
US 8.8.8.8:53 81.77.91.77.in-addr.arpa udp
RU 85.28.47.30:80 85.28.47.30 tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
N/A 224.0.0.251:5353 udp
RU 77.91.77.81:80 77.91.77.81 tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
GB 172.217.169.35:443 beacons.gcp.gvt2.com udp

Files

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

MD5 32990cfa629b89533fb2a04ae8e966c5
SHA1 1438ae4069286ca2174ee15b8c5c7cb169c93f1d
SHA256 eec4aaaf11532078af1ae71b818197764474f7fff7bc8a2cd6b495d6e84772ad
SHA512 3db1b9d51585a66166c579ac1f502a65f77fac95bbba7d9f497b1c82d585ac6aaf095d69279c99250ca13f04bf9e8f048bf61a6113ab879c3f6cfabae0c5a0c8

C:\Users\Admin\AppData\Local\Temp\1000006001\18e0804918.exe

MD5 de1d8c161d81ba79c888fef77c75db93
SHA1 55e3b5e658d41d98779214afb48d34c66bf17346
SHA256 31cbdcdb540d6bc6fbc616c288f6f7ad7c74fe74eff55a135dafc31853b76126
SHA512 4d243246e4476555a4b018d2df63ae93da8c64096523c8f8b20ba616b0dec97c21e4bed7dced51da50c0908ad3da6b882b11de6d668b71852f2290850a6810ea

C:\Users\Admin\AppData\Local\Temp\1000007001\550b3a2584.exe

MD5 86738dd73219b83320ba19af11c97e11
SHA1 a18ae0b3abf1aabece29993b227eef15f8e055e1
SHA256 6e517782e2e25b874ddf2861144e814309235517cf517890efff1a183c014b21
SHA512 45150d8ddc155c52fde993b308d79bd5fb57c835339de9bee7e98a7a035a79ac947d8ecab8bbd2873b4ba75b3a6a5956769a234c929c183b7fdf1284ce08e3ae

\??\pipe\crashpad_4304_YAWCOIZDNWSDJPYY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3f10fd0b2e6b270a3ef638b50922f7d0
SHA1 cdc98ea6a018ce5d6f1f1a0ba4220ebec7740499
SHA256 25197e1e22a11b2e0ef5bdf62993280e868327035055f700cf2a5df46dec810b
SHA512 8c3d386190b32c75058d824e2bfb5cea9f7490bd768cdc7e4a9a1ccfdd95163569baa5cd17de2be3798038da4c3bac753c4a5ab51fff1cc8f49ff747ab2bef6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1de806d624bf0a1745ac3a8037cff6f8
SHA1 d319b3cf96447bf62e1a21e6f138eb7c8d39b6a8
SHA256 869f6397e5905cc300a4311317f719f5d1eae540849541aefafc6defd4f24929
SHA512 1610f40374fea54a1b8a4e2ad3b16cb67bad031c5ebdecea1a4e62fa202973d1180cdd3a6c9de1be79de445f19ffa0c2a148aa4739fdb47dbf3bba6e3d8c6aba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a3ae137d6c8122ab753ae3a865becd1b
SHA1 88bb78d837d3a6e329dfdd9570d3224ad4cc4d80
SHA256 82d39ffc25065452c245031928b8ec50e79cdfd1d3123a0db6799af79ec2da2f
SHA512 a2a48e9ce23d3fbfb7f205e2c6c114303b6e0ac7f1324233a9dc02f43baa68973162dc7f04c51d5977e7c8c7a2045bd017f2b9f1cfddebd90661c77d3bd49ae8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 08ec249f941a630001ed946b45514d95
SHA1 2ab8e98d10368a0f0eeef837dd236dcc2f4d92bb
SHA256 5e9f2b1fa61d93188959cc54ceb185f2bd1be42a06235c5046d4b0670cf4bc91
SHA512 fd1ac54c311bd29b696c39a853e4cbf735cfffd8d379808ab15e896f685acf6ae7b2a2909bd0813758527741ea2e78906a5cafad616f2d8b94af35834dec0de2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d2c8eed5efbf53fea188abfdeabb3e4e
SHA1 68f63d28b56a07ecd933f60c8bb08b3b94dd5a21
SHA256 0a264f6ae96b3d800c3a38b9d2e8e4b2a1a837a24b5ecbd530cf68f148f66547
SHA512 b6d7f44e24d390e94c93b34a929ff0fd35f7e0fbd68fe9493f0b1662d2ad161bdea054db7fe255ca90c788b91ad19eac80a492021e535f73243dc9a18f0c6afd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 32264b78c494bbfd178c83693faf0e7a
SHA1 7bf941669d1ea5f5dcc50d987179e985825ec6d7
SHA256 09e6a66bc80ed9cc82b0b7b3c0c7786e6529c6bbf4de919f4f85b9e88f1297b9
SHA512 446731c8668433ecf3e8c58d8e1da090dca6d09f1fcfae79a6740854690fb43bcd050fb58475457f8339d232de1ec7494f019f031a24067d747dddc5ae449b01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b1222d5d2ce9b439fa13dd9567c55e86
SHA1 59045892817209df008c199af065b451a3bf0716
SHA256 9bb97c168365e4a21de2e28a4ea7ff3a829db559206e6ba021cd783d8e43e8d6
SHA512 c80b571173772694b15da17fac46f93b9658766f1d75fc11e9f2f0589f6bc9f432215fe9b433c6b8208cc2d6c89ffd1915fdb533b8e82ec5f8a9e9b2d39488e1