a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

Resubmissions

22-05-2020 23:12

200522-zx87kfkqfx 3

22-05-2020 23:06

200522-l1sckhd8p6 7

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7v200430
submitted
22-05-2020 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gmpopenh264.dll
Size

997KB
MD5

fe3355639648c417e8307c6d051e3e37
SHA1

f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256

1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512

8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Score

7^/10

spyware evasion trojan

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 55 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

taskmgr.exe

description pid process

Token: SeDebugPrivilege 1480 taskmgr.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

description	pid	process
Token: SeDebugPrivilege	1480	taskmgr.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9\Blob = 040000000100000010000000d6a5c3ed5ddd3e00c13d87921f1d3fe40f0000000100000014000000254f527930383ecbe8b1b23d4940698c516f5a7c09000000010000005e000000305c06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030606082b0601050507030706082b0601050508020206082b06010505070308060a2b0601040182370a030453000000010000002400000030223020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c01400000001000000140000006890e467a4a65380c78666a4f1f74b43fb84bd6d1d00000001000000100000005bf364bfa439f0b0b5487931c26c8a950b000000010000001000000045006e00740072007500730074000000030000000100000014000000b31eb1b740e36c8402dadc37d44df5d4674952f9190000000100000010000000a62b124070201c18d5e44196e10ee6cb2000000001000000950400003082049130820379a0030201020204456b5054300d06092a864886f70d01010505003081b0310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31393037060355040b13307777772e656e74727573742e6e65742f43505320697320696e636f72706f7261746564206279207265666572656e6365311f301d060355040b1316286329203230303620456e74727573742c20496e632e312d302b06035504031324456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479301e170d3036313132373230323334325a170d3236313132373230353334325a3081b0310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31393037060355040b13307777772e656e74727573742e6e65742f43505320697320696e636f72706f7261746564206279207265666572656e6365311f301d060355040b1316286329203230303620456e74727573742c20496e632e312d302b06035504031324456e747275737420526f6f742043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100b695b64342fac66d2a6f48df944c395705eec37911416836edecfe9a018fa13828fcf71046662e4d1e1ab11a4ec6d1c09588b0c9ff318b3303dbb7837b3e20845eedb25628a7f8e0b9407137c5cb470e972a68c022956215db47d9f5d02bff824bc9ad3ede4cdb9080503f098a8400ec300a3d18cdfbfd2a599a2395172c459e1f6e43796d0c5c98fe48a7c523475c5efd6ee71eb4f66845d186835ba28a8db1e32980fe257188adbebc8fac52964baa518de4133119e84e4d9fdbacb36ad5bc395471ca7a7a7f90dd7d1d80d981bb5926c211fee693e2f780e465fb34370e2980704daf38862e9e7f57af9e17aeeb1ccb28215fb61cd8e7a20422f9d3dad8cb0203010001a381b03081ad300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff302b0603551d1004243022800f32303036313132373230323334325a810f32303236313132373230353334325a301f0603551d230418301680146890e467a4a65380c78666a4f1f74b43fb84bd6d301d0603551d0e041604146890e467a4a65380c78666a4f1f74b43fb84bd6d301d06092a864886f67d0741000410300e1b0856372e313a342e3003020490300d06092a864886f70d0101050500038201010093d430b0d703202ad0f963e8910c0520a95f19ca7b724ed4b1dbd096fb545a192c0c08f7b2bc85a89d7f6d3b52b32adbe7d4848c63f60fcb260191506cf45f14e29374c0139e303a50e3b460c51cf022448d7147acc81ac9e99b9a006013ff707e5f114d491bb315527bc954dabf9d95af6b9ad89ee9f1e4438de211443abfafbd834273528baabba729cff5641c0a4dd1bcaaac9f2ad0ff7f7fda7deab1ed3025c184da34d25b788356ec9c36c326e211f667491d92ab8cfbebff7aee854aa75080f0a75c4a942e5f05993c5241e0cdb463cf0143ba9c83dc8f603bf35ab4b47baeda0b903875ef811d66d2f7577036b3bffc28af7125855b13fe1e7f5ab43c	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	chrome.exe

Suspicious use of WriteProcessMemory 1442 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1032 wrote to memory of 112	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 112	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 112	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 484	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 484	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 484	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1236	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1804	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1804	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 1804	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe
PID 1032 wrote to memory of 760	1032	chrome.exe	chrome.exe

Suspicious use of SendNotifyMessage 52 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

chrome.exetaskmgr.exe

pid process

1032 chrome.exe
1480 taskmgr.exe
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

chrome.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	chrome.exe

Drops Chrome extension 3 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_metadata\computed_hashes.json	chrome.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp	chrome.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8220.319.1.2_0\_metadata\computed_hashes.json	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exetaskmgr.exe

pid	process
1804	chrome.exe
1032	chrome.exe
1032	chrome.exe
2476	chrome.exe
2972	chrome.exe
2768	chrome.exe
3036	chrome.exe
2204	chrome.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe
1480	taskmgr.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gmpopenh264.dll,#1
1⤵
PID:288

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
- Suspicious use of SendNotifyMessage
- Suspicious behavior: GetForegroundWindowSpam
- Checks whether UAC is enabled
- Drops Chrome extension
- Suspicious behavior: EnumeratesProcesses
PID:1032

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=81.0.4044.129 --initial-client-data=0xa4,0xa8,0xac,0x78,0xb0,0x7fefa80bd28,0x7fefa80bd38,0x7fefa80bd48
2⤵
PID:112

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=108 --on-initialized-event-handle=352 --parent-handle=356 /prefetch:6
2⤵
PID:484

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1084 --ignored=" --type=renderer " /prefetch:2
2⤵
PID:1236

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1204 /prefetch:8
2⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:1804

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
2⤵
PID:760

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --instant-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
2⤵
PID:300

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2272 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1544

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2576 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1992

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2500 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1984

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2512 --ignored=" --type=renderer " /prefetch:2
2⤵
PID:2132

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2920 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2236

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3168 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2364

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3192 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2416

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3276 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2436

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3284 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2456

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2832 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2588

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2776 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2632

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2812 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2676

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
2⤵
PID:2720

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2496 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2768

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:2864

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
2⤵
PID:1000

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1172 /prefetch:1
2⤵
PID:1980

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=3244 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2476

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3200 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2504

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2684 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2560

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1260 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2584

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2464 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2644

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
2⤵
PID:2668

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
2⤵
PID:3064

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
2⤵
PID:2376

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=2460 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2972

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=2452 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2768

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=800 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1976

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=3252 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3036

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3128 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1616

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2720 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1588

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
2⤵
PID:1576

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1
2⤵
PID:2808

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=796 /prefetch:1
2⤵
PID:2568

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=2128 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2204

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1072,6458231251309117183,6468815321624139706,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1368 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:812

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: EnumeratesProcesses
PID:1480

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Download Submit
\??\pipe\crashpad_1032_UWHWEMTPXHWHGYTW

Download Submit
memory/300-9-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/300-15-0x0000053B00040000-0x0000053B00041000-memory.dmp

Filesize
4KB

Download
memory/300-17-0x0000000007DF0000-0x0000000007E01000-memory.dmp

Filesize
68KB

Download
memory/760-39-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-60-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-68-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-67-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-22-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-66-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-24-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-25-0x00000000099C0000-0x00000000099D1000-memory.dmp

Filesize
68KB

Download
memory/760-26-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-27-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-28-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-29-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-30-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-31-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-40-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-33-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-34-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-35-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-36-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-37-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-38-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-65-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-32-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-5-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/760-50-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-43-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-44-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-45-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-46-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-47-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-48-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-49-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-42-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-51-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-52-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-53-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-54-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-55-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-56-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-57-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-58-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-59-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-41-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-61-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-62-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-63-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/760-64-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/812-552-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1000-232-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-217-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-199-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-200-0x0000000009BC0000-0x0000000009BD1000-memory.dmp

Filesize
68KB

Download
memory/1000-243-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-242-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-201-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-202-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-203-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-204-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-205-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-206-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-207-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-208-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-209-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-210-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-211-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-212-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-213-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-214-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-215-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-241-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-240-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-216-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-239-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-238-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-218-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-219-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-220-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-221-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-222-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-223-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-224-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-237-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-236-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-225-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-226-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-235-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-234-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-233-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-192-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1000-231-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-230-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-229-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-228-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1000-227-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1032-89-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-77-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-119-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-118-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-117-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-116-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-115-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-114-0x0000000021530000-0x0000000021553000-memory.dmp

Filesize
140KB

Download
memory/1032-112-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-93-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-106-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-98-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-413-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-92-0x000000001D6D0000-0x000000001D6F3000-memory.dmp

Filesize
140KB

Download
memory/1032-84-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-87-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-86-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-85-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-78-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-83-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-82-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-81-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-80-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1032-79-0x000000001E6E0000-0x000000001E6F1000-memory.dmp

Filesize
68KB

Download
memory/1236-1-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1236-3-0x00000000771B0000-0x00000000771B1000-memory.dmp

Filesize
4KB

Download
memory/1236-0-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1544-13-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1576-473-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-452-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-432-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-476-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-475-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-474-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-433-0x0000000009840000-0x0000000009851000-memory.dmp

Filesize
68KB

Download
memory/1576-434-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-435-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-472-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-471-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-436-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-437-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-438-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-439-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-440-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-441-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-442-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-443-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-444-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-445-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-446-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-447-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-448-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-449-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-450-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-451-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-425-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1576-470-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-469-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-453-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-454-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-455-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-456-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-457-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-458-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-459-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-460-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-461-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-462-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-463-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-464-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-465-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-466-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-467-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1576-468-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1588-422-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1976-416-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1980-197-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1980-248-0x0000000008710000-0x0000000008721000-memory.dmp

Filesize
68KB

Download
memory/1984-23-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/1992-19-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2132-72-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2236-75-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2364-99-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2376-407-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-388-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-410-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-409-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-408-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-406-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-371-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-372-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-373-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-374-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-375-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-376-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-377-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-378-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-379-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-380-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-381-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-382-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-383-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-384-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-385-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-386-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-387-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-370-0x0000000008AD0000-0x0000000008AE1000-memory.dmp

Filesize
68KB

Download
memory/2376-405-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-389-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-390-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-391-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-392-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-393-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-394-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-395-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-396-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-397-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-398-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-399-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-400-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-401-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-402-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-403-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2376-404-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2416-103-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2436-107-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2456-111-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2504-251-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2560-254-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2568-534-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-526-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-511-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-504-0x0000000009390000-0x00000000093A1000-memory.dmp

Filesize
68KB

Download
memory/2568-505-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-506-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-507-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-508-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-512-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-513-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-514-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-509-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-515-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-516-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-517-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-518-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-519-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-520-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-521-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-522-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-523-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-524-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-525-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-510-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-527-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-528-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-529-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-531-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-532-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-533-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-535-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-536-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-537-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-538-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-539-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-540-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-541-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-542-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-543-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-544-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-545-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-546-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-547-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2568-548-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2584-257-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2588-121-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2632-124-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2644-260-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2668-287-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-289-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-267-0x0000000008D90000-0x0000000008DA1000-memory.dmp

Filesize
68KB

Download
memory/2668-268-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-269-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-270-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-307-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-309-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-271-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-272-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-273-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-274-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-275-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-276-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-277-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-278-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-279-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-280-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-281-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-282-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-283-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-284-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-285-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-286-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-288-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-308-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-290-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-291-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-292-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-293-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-294-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-295-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-296-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-297-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-298-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-299-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-300-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-301-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-302-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-303-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-304-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-305-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-306-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2668-310-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2676-127-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2720-312-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2720-137-0x0000000009740000-0x0000000009751000-memory.dmp

Filesize
68KB

Download
memory/2720-130-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2768-134-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2808-492-0x0000000009980000-0x0000000009991000-memory.dmp

Filesize
68KB

Download
memory/2808-487-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2864-176-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-161-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-140-0x000000013FAA0FC0-0x000000013FAA1110-memory.dmp

Filesize
336B

Download
memory/2864-144-0x00000000096A0000-0x00000000096B1000-memory.dmp

Filesize
68KB

Download
memory/2864-145-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-146-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-147-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-148-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-149-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-150-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-151-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-152-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-153-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-154-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-155-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-156-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-157-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-158-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-159-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-160-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-162-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-163-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-164-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-165-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-166-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-167-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-168-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-169-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-170-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-171-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-172-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-173-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-174-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-175-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-177-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-178-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-179-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-180-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-181-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-182-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-183-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-190-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-187-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-186-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-185-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2864-184-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-336-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-318-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-355-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-354-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-353-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-352-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-351-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-350-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-349-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-360-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-348-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-347-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-346-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-345-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-344-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-343-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-342-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-341-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-340-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-339-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-338-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-337-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-362-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-356-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-332-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-334-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-333-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-430-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-331-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-330-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-329-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-328-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-327-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-326-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-325-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-324-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-323-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-322-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-321-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-320-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-319-0x0000000009F40000-0x0000000009F51000-memory.dmp

Filesize
68KB

Download
memory/3064-335-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-414-0x0000000009F40000-0x0000000009F51000-memory.dmp

Filesize
68KB

Download
memory/3064-358-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-359-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-357-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3064-361-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download