Malware Analysis Report

2024-10-18 23:35

Sample ID: 240927-kkrx7atfqk
Target: 6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65
SHA256: 6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65
Tags: amadey stealc 9c9aa5 fed3aa save discovery evasion persistence stealer trojan
Score: 10/10


Analysis Overview

Threat Level: Known bad

The file 6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65 was found to be: Known bad.

Malicious Activity Summary

Stealc

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Identifies Wine through registry keys

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Checks BIOS information in registry

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

AutoIT Executable

Drops file in Windows directory

Browser Information Discovery

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-09-27 08:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-09-27 08:39
Reported: 2024-09-27 08:42
Platform: win7-20240729-en
Max time kernel: 49s
Max time network: 147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Wine C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\66211f3836.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000023001\\66211f3836.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\6bb099bf91.exe = "C:\\Users\\Admin\\1000026002\\6bb099bf91.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\cb657bf7c7.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000028001\\cb657bf7c7.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\skotes.job C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
File created C:\Windows\Tasks\axplong.job C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 62

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A 1
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe N/A 2
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 36
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe N/A 5
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe N/A 1
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe N/A 19

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe N/A 2
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe N/A 30

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2188 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe 4
PID 2700 wrote to memory of 2208 N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe 4
PID 2700 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\Admin\1000026002\6bb099bf91.exe 4
PID 2700 wrote to memory of 808 N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe 4
PID 808 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe C:\Program Files\Google\Chrome\Application\chrome.exe 4
PID 1940 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 3
PID 1940 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 39
PID 1940 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2

Processes

C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe

"C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe"

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"

C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe

"C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe"

C:\Users\Admin\1000026002\6bb099bf91.exe

"C:\Users\Admin\1000026002\6bb099bf91.exe"

C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe

"C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7559758,0x7fef7559768,0x7fef7559778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1284,i,16591192855177689854,7591968930522843690,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1284,i,16591192855177689854,7591968930522843690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1284,i,16591192855177689854,7591968930522843690,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1284,i,16591192855177689854,7591968930522843690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1284,i,16591192855177689854,7591968930522843690,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3172 --field-trial-handle=1284,i,16591192855177689854,7591968930522843690,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1412 --field-trial-handle=1284,i,16591192855177689854,7591968930522843690,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe

"C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe"

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

"C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 --field-trial-handle=1284,i,16591192855177689854,7591968930522843690,131072 /prefetch:8

Network

Country Destination Domain Proto
RU 185.215.113.43:80 185.215.113.43 tcp
RU 185.215.113.103:80 185.215.113.103 tcp
RU 185.215.113.37:80 185.215.113.37 tcp
RU 185.215.113.37:80 185.215.113.37 tcp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.179.238:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.238:443 consent.youtube.com tcp
RU 185.215.113.16:80 185.215.113.16 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
RU 185.215.113.16:80 185.215.113.16 tcp
GB 142.250.187.238:443 consent.youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 216.239.32.3:443 beacons2.gvt2.com tcp
US 216.239.32.3:443 beacons2.gvt2.com udp
GB 142.250.187.238:443 consent.youtube.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
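The Network table above mixes two kinds of traffic: connections straight to raw IPs on port 80 in 185.215.113.0/24, for which no DNS lookup appears, and name-resolved Google traffic that belongs to the Chrome session the sample launched with --kiosk (see the Processes list). The script below is an added example, not part of the report or of any sandbox tooling: it parses rows in the table's own "Country Destination Domain Proto" layout (the mDNS row has no Domain column, so three-field rows are accepted) and splits out the raw-IP endpoints as the blockable IOCs. The bucket names and the "raw IP with no DNS name means C2 candidate" heuristic are my own; the sample rows are copied from the table.

```python
"""Pull network IOCs out of a sandbox "Network" table.  Added example (not
part of the report): it separates direct-to-IP HTTP connections, which have
no DNS name and are the C2 candidates, from name-resolved traffic, which in
this report is the Chrome --kiosk session."""
import ipaddress
from collections import Counter

# Rows constructed from the Network table above (a representative subset).
# The mDNS row has no Domain column in the report, so it is a 3-field row.
NETWORK_ROWS = """
RU 185.215.113.43:80 185.215.113.43 tcp
RU 185.215.113.103:80 185.215.113.103 tcp
RU 185.215.113.37:80 185.215.113.37 tcp
RU 185.215.113.37:80 185.215.113.37 tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.179.238:443 youtube.com tcp
RU 185.215.113.16:80 185.215.113.16 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
""".strip().splitlines()


def parse_row(line):
    """Return (country, ip, port, domain, proto); domain is None when the
    report left that column empty (the multicast row)."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return country, ip, int(port), domain, proto


def classify(rows):
    """Bucket each row: 'raw_ip' when the Domain column just repeats the IP
    (no lookup preceded the connection), 'dns' for resolver queries,
    'multicast' for link-local multicast, 'resolved' for everything else."""
    buckets = {"raw_ip": Counter(), "resolved": {}, "dns": set(), "multicast": set()}
    for line in rows:
        country, ip, port, domain, proto = parse_row(line)
        addr = ipaddress.ip_address(ip)
        if addr.is_multicast:
            buckets["multicast"].add(f"{ip}:{port}")
        elif port == 53 and proto == "udp":
            buckets["dns"].add(domain)
        elif domain == ip:
            buckets["raw_ip"][(ip, port, proto)] += 1
        else:
            buckets["resolved"][domain] = ip
    return buckets


def c2_candidates(rows):
    """Raw-IP destinations, which are the IOCs worth blocking: a sorted list
    of 'ip:port' strings plus the /24 networks that cover them."""
    raw = classify(rows)["raw_ip"]
    endpoints = sorted(f"{ip}:{port}" for (ip, port, _proto) in raw)
    nets = sorted({str(ipaddress.ip_network(f"{ip}/24", strict=False))
                   for (ip, _port, _proto) in raw})
    return endpoints, nets


if __name__ == "__main__":
    eps, nets = c2_candidates(NETWORK_ROWS)
    print("raw-IP HTTP endpoints:", eps)
    print("covering /24s:", nets)
    print("resolved hosts (browser session):", sorted(classify(NETWORK_ROWS)["resolved"]))
```

Feeding the full table in gives the same four endpoints; the Google hosts all land in the resolved bucket and can be discarded as browser noise rather than blocked.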

Files

memory/2188-0-0x0000000001020000-0x00000000014D7000-memory.dmp

memory/2188-1-0x0000000077200000-0x0000000077202000-memory.dmp

memory/2188-2-0x0000000001021000-0x000000000104F000-memory.dmp

memory/2188-3-0x0000000001020000-0x00000000014D7000-memory.dmp

memory/2188-5-0x0000000001020000-0x00000000014D7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

MD5 4524cefb7ae3014bb97ef105b46034c8
SHA1 f324b02762bcc28c6d3c4d10773f4603439f5673
SHA256 6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65
SHA512 c7f3bd298e540ae4b825ca4c9b0b21c1c6c8d248cea46d45317f5bf7dd83913bfb21d03222b408302104e41140bf7093df8cbd733f71279ed8b2bf866c798d49

memory/2188-15-0x0000000001020000-0x00000000014D7000-memory.dmp

memory/2188-16-0x0000000001020000-0x00000000014D7000-memory.dmp

memory/2188-18-0x00000000071D0000-0x0000000007687000-memory.dmp

memory/2700-17-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-20-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-19-0x0000000000191000-0x00000000001BF000-memory.dmp

memory/2700-23-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-22-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-24-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-25-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-26-0x0000000000190000-0x0000000000647000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000023001\66211f3836.exe

MD5 2ff9d81435c7d755cb5a6b975ed50ce6
SHA1 a588fbde21ac7335c3b516db6ccaa783eb2a088c
SHA256 162e527a19799d2d3ace95ca315eba1ffa0fd4fd3eac247a26b41212033b2863
SHA512 46688a8fb90c3b3bcb926e6b37129ebd45297283150e61450b685f792d20f7d5d2d88ea2487f73dd76d6e20b513f43ba143ff9d321b47f4f4563287e02a9e235

memory/2700-44-0x0000000006B40000-0x00000000071E9000-memory.dmp

memory/2208-45-0x00000000008D0000-0x0000000000F79000-memory.dmp

memory/2700-43-0x0000000006B40000-0x00000000071E9000-memory.dmp

memory/2208-46-0x00000000008D0000-0x0000000000F79000-memory.dmp

memory/2700-63-0x0000000006B40000-0x00000000071E9000-memory.dmp

memory/2700-64-0x0000000006B40000-0x00000000071E9000-memory.dmp

memory/772-65-0x0000000000240000-0x00000000008E9000-memory.dmp

memory/772-66-0x0000000000240000-0x00000000008E9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000028001\cb657bf7c7.exe

MD5 4d4ce788750f2f654e42e6bfccde419c
SHA1 33f56a257b9af1d77c085413be668c5d24f9b2e7
SHA256 d8ee72c297423711a6580c3bbcaa8e335459fd111352cf024e662d363752097a
SHA512 68869a12fe7203c3a13391c6cdc6ca271477c00a42dce3ba1ae03cfb214099ec627e01c4416dcf3d63cb030345433b138a12770020006c497deb682cb4c5e516

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_1940_ZFFSPJRMMJTXTQJV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2700-121-0x0000000006B40000-0x00000000071E9000-memory.dmp

memory/2700-122-0x0000000006B40000-0x00000000071E9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\1000029001\1ff9ea2e02.exe

MD5 73acb4cc181aca9525ab9f599500b9ca
SHA1 46a29f8b0e10003f85a8eae8a46473d0344650df
SHA256 4bc8ab389044aabd25719e924300530feddae8efa8a485cbfd67de8f347132f2
SHA512 f84e777e3591e00a8c7ac53ad47554d100aec16f19e143dd69447cd2d3872975c5c673f2ab1a8c66a164d0dec73d8876a7d9064386eb90c0474e55c2187ce5c0

memory/1680-168-0x0000000000C10000-0x00000000010DB000-memory.dmp

memory/2700-167-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-165-0x0000000006B40000-0x000000000700B000-memory.dmp

memory/2700-181-0x0000000006B40000-0x00000000071E9000-memory.dmp

memory/2520-182-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/1680-180-0x0000000000C10000-0x00000000010DB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/2700-201-0x0000000006B40000-0x000000000700B000-memory.dmp

memory/2520-207-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2700-206-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2520-210-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2700-217-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2520-218-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2520-220-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2700-219-0x0000000000190000-0x0000000000647000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cca29c0e-c5f0-4302-974c-f2da1197b003.tmp

MD5 d29fcb244d341196187364e444791b60
SHA1 89e0752fd17cdf5a6a184a4cd2ec960f56625905
SHA256 2f936361cecc8e3408159b830492c5669ded41370dedd78e790a3c9cb115a093
SHA512 a942f2b8eb2a74a72b16ff210ef7216273e7141e97b0d93126957fa92c87443479b4c8921e257ff1986a279e2fb869d500c30e134d5b8879bd68ed355b2c1d65

memory/2700-228-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2520-229-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2700-230-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2520-231-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2520-235-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2700-234-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-243-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2520-248-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2520-250-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2700-249-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-251-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2520-252-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2700-253-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2520-254-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2520-256-0x0000000000920000-0x0000000000DEB000-memory.dmp

memory/2700-255-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2700-257-0x0000000000190000-0x0000000000647000-memory.dmp

memory/2520-258-0x0000000000920000-0x0000000000DEB000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-27 08:39

Reported

2024-09-27 08:42

Platform

win10v2004-20240910-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe"

Signatures

Amadey

trojan amadey

Stealc

stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\1000026002\6bb099bf91.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\19ea6ecc89.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000028001\\19ea6ecc89.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f486730339.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000023001\\f486730339.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6bb099bf91.exe = "C:\\Users\\Admin\\1000026002\\6bb099bf91.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\skotes.job C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
File created C:\Windows\Tasks\axplong.job C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A
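The VirtualBox/ACPI, BIOS, Wine, Run-key and Windows\Tasks tables above each list one behaviour per process; what a responder wants is the inverse view, one line per process with every evasion and persistence behaviour it showed. The script below is an added example, not part of the report or of the sandbox's own signature engine: it parses rows in the report's "description indicator process target" layout and applies tagging rules that are my own reading of the tables (VBOX__ ACPI key, SystemBiosVersion/VideoBiosVersion queries, Software\Wine, Run values pointing into C:\Users, .job files dropped in C:\Windows\Tasks). The sample rows are copied from the tables above, with one Chrome row (a plain read of HARDWARE\DESCRIPTION\System\BIOS) kept as a benign control that must not be flagged.

```python
"""Tag each process in sandbox signature rows with the evasion and
persistence behaviours it showed.  Added example, not part of the report:
the row layout is the report's ("<description> <indicator> <process>
<target>"); the tagging rules are my own reading of the tables."""
import re
from collections import defaultdict

# Rows constructed from the VirtualBox/ACPI, BIOS, Wine, Run-key and
# Windows\Tasks tables above, plus one benign Chrome row.
ROWS = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\19ea6ecc89.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000028001\\19ea6ecc89.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
File created C:\Windows\Tasks\skotes.job C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
""".strip().splitlines()

# Description phrase, then the indicator, then the process path: the first
# " C:\" that is not followed anywhere by a doubled backslash, so the quoted,
# escaped path inside a Run value is never mistaken for the process column.
ROW_RE = re.compile(
    r"^(?P<desc>Key opened|Key value queried|Key created|Set value \(\w+\)|File created) "
    r"(?P<indicator>.*?) "
    r"(?P<process>C:\\(?:(?!\\\\).)*?\.exe) N/A$"
)
RUN_DATA_RE = re.compile(r'= "(?P<path>[^"]*)"$')


def tag_event(desc, indicator, process):
    """Map one row to a set of behaviour tags (empty when nothing matched)."""
    tags = set()
    ind = indicator.lower()
    if desc == "Key opened" and "\\acpi\\dsdt\\vbox__" in ind:
        tags.add("evasion:vbox-acpi")
    if desc == "Key value queried" and ind.endswith(("systembiosversion", "videobiosversion")):
        tags.add("evasion:bios-version")
    if desc == "Key opened" and ind.endswith("\\software\\wine"):
        tags.add("evasion:wine")
    if desc.startswith("Set value") and "\\currentversion\\run\\" in ind:
        m = RUN_DATA_RE.search(indicator)
        # The report doubles backslashes inside the quoted value data.
        target = m["path"].replace("\\\\", "\\").lower() if m else ""
        if target.startswith("c:\\users\\"):
            tags.add("persistence:run-key-userprofile")
    if desc == "File created" and ind.startswith("c:\\windows\\tasks\\") and ind.endswith(".job"):
        tags.add("persistence:task-job")
    return tags


def triage(rows):
    """Aggregate tags per process path; rows that do not parse (table
    headers, 'N/A N/A N/A N/A' filler) are skipped."""
    findings = defaultdict(set)
    for line in rows:
        m = ROW_RE.match(line)
        if not m:
            continue
        tags = tag_event(m["desc"], m["indicator"], m["process"])
        if tags:
            findings[m["process"]] |= tags
    return dict(findings)


if __name__ == "__main__":
    for proc, tags in triage(ROWS).items():
        print(proc, "->", ", ".join(sorted(tags)))
```

Run against the complete tables, the skotes.exe loader collects every evasion tag plus the Run-key tag, which matches its role in the chain: it is the component that both fingerprints the host and registers the downloaded payloads for autostart.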

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\1000026002\6bb099bf91.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719000198790893" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe N/A
N/A N/A C:\Users\Admin\1000026002\6bb099bf91.exe N/A
N/A N/A C:\Users\Admin\1000026002\6bb099bf91.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×19)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×19)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe N/A (×2)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×26)
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe N/A (×33)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe N/A (×3)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×24)
N/A N/A C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe N/A (×37)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3588 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe (×3)
PID 2420 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe (×3)
PID 2420 wrote to memory of 3116 N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\Admin\1000026002\6bb099bf91.exe (×3)
PID 2420 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe (×3)
PID 1340 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 4408 wrote to memory of 5004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 4408 wrote to memory of 3856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×30)
PID 4408 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 4408 wrote to memory of 4632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×16)

Processes

C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe

"C:\Users\Admin\AppData\Local\Temp\6d16626be7eae239b040702b2f228cc7e84e1e76debfcf0ea9250cd52d177b65.exe"

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"

C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe

"C:\Users\Admin\AppData\Local\Temp\1000023001\f486730339.exe"

C:\Users\Admin\1000026002\6bb099bf91.exe

"C:\Users\Admin\1000026002\6bb099bf91.exe"

C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe

"C:\Users\Admin\AppData\Local\Temp\1000028001\19ea6ecc89.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdfd60cc40,0x7ffdfd60cc4c,0x7ffdfd60cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2228,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=1796 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2436 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe

"C:\Users\Admin\AppData\Local\Temp\1000029001\755bcc2750.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4720 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

"C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4760 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4836,i,17699123052166734018,6016056136251540156,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4744 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
RU 185.215.113.43:80 185.215.113.43 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 69.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 103.113.215.185.in-addr.arpa udp
RU 185.215.113.37:80 185.215.113.37 tcp
US 8.8.8.8:53 37.113.215.185.in-addr.arpa udp
RU 185.215.113.37:80 185.215.113.37 tcp
RU 185.215.113.103:80 185.215.113.103 tcp
US 8.8.8.8:53 youtube.com udp
GB 142.250.179.238:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.187.238:443 consent.youtube.com tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
RU 185.215.113.16:80 185.215.113.16 tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 16.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
RU 185.215.113.16:80 185.215.113.16 tcp
GB 142.250.187.238:443 consent.youtube.com udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 142.250.187.238:443 consent.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp (×2)
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp (×5)
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp

Files

memory/3588-0-0x0000000000AE0000-0x0000000000F97000-memory.dmp

memory/3588-1-0x0000000077B94000-0x0000000077B96000-memory.dmp

memory/3588-2-0x0000000000AE1000-0x0000000000B0F000-memory.dmp

memory/3588-3-0x0000000000AE0000-0x0000000000F97000-memory.dmp

memory/3588-4-0x0000000000AE0000-0x0000000000F97000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

MD5 4524cefb7ae3014bb97ef105b46034c8
SHA1 f324b02762bcc28c6d3c4d10773f4603439f5673