6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5

Resubmissions

22/05/2020, 16:28

200522-ysyjrm8xj6 7

22/05/2020, 16:15

200522-dvss5m5wps 7

Analysis

max time kernel
150s
max time network
157s
platform
windows7_x64
resource
win7v200430
submitted
22/05/2020, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe
Size

196KB
MD5

a0d418e31766effadc6a37e81ad21743
SHA1

9ec2753f1a123fcd42d95811e1f3b27547b215d0
SHA256

6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5
SHA512

f11160a126b865e561cd1fc99b5bf25a52bfb0be14fb709ba012a045b26f585456f7f55d2d0a3b5d754e1512771b89d768e40718589fc9c9a16b30c2a07dda74

Score

7^/10

spyware evasion trojan ransomware

Malware Config

Signatures

Suspicious use of WriteProcessMemory 1345 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1504	1520	chrome.exe	27
PID 1520 wrote to memory of 1504	1520	chrome.exe	27
PID 1520 wrote to memory of 1504	1520	chrome.exe	27
PID 1520 wrote to memory of 1324	1520	chrome.exe	28
PID 1520 wrote to memory of 1324	1520	chrome.exe	28
PID 1520 wrote to memory of 1324	1520	chrome.exe	28
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 656	1520	chrome.exe	29
PID 1520 wrote to memory of 292	1520	chrome.exe	30
PID 1520 wrote to memory of 292	1520	chrome.exe	30
PID 1520 wrote to memory of 292	1520	chrome.exe	30
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1592	1520	chrome.exe	31
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1872	1520	chrome.exe	32
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 1288	1520	chrome.exe	34
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2248	1520	chrome.exe	35
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2264	1520	chrome.exe	36
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2424	1520	chrome.exe	37
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2492	1520	chrome.exe	38
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2540	1520	chrome.exe	39
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2556	1520	chrome.exe	40
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2604	1520	chrome.exe	41
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2644	1520	chrome.exe	42
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2672	1520	chrome.exe	43
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2712	1520	chrome.exe	44
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2812	1520	chrome.exe	45
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2828	1520	chrome.exe	46
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2904	1520	chrome.exe	47
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 2920	1520	chrome.exe	48
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 3000	1520	chrome.exe	49
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 1900	1520	chrome.exe	50
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2136	1520	chrome.exe	51
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2156	1520	chrome.exe	52
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2220	1520	chrome.exe	53
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2352	1520	chrome.exe	54
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2548	1520	chrome.exe	55
PID 1520 wrote to memory of 2752	1520	chrome.exe	56
PID 1520 wrote to memory of 2752	1520	chrome.exe	56
PID 1520 wrote to memory of 2752	1520	chrome.exe	56
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2892	1520	chrome.exe	57
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2828	1520	chrome.exe	58
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2960	1520	chrome.exe	59
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 2920	1520	chrome.exe	60
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 3056	1520	chrome.exe	61
PID 1520 wrote to memory of 2200	1520	chrome.exe	62
PID 1520 wrote to memory of 2200	1520	chrome.exe	62
PID 1520 wrote to memory of 2200	1520	chrome.exe	62
PID 1520 wrote to memory of 2068	1520	chrome.exe	63
PID 1520 wrote to memory of 2068	1520	chrome.exe	63
PID 1520 wrote to memory of 2068	1520	chrome.exe	63
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 1256	1520	chrome.exe	64
PID 1520 wrote to memory of 2324	1520	chrome.exe	65
PID 1520 wrote to memory of 2324	1520	chrome.exe	65
PID 1520 wrote to memory of 2324	1520	chrome.exe	65
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66
PID 1520 wrote to memory of 2420	1520	chrome.exe	66

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Modifies control panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Control Panel\Desktop\WallpaperStyle = "2"	6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Control Panel\Desktop\TileWallpaper = "2"	6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
880	6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
292	chrome.exe
1520	chrome.exe
1520	chrome.exe
2752	chrome.exe
2200	chrome.exe
2068	chrome.exe
2324	chrome.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	chrome.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 0f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703091400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded31d000000010000001000000096f98b6e79a74810ce7d398a82f977780b000000010000000e000000430065007200740075006d0000000300000001000000140000006252dc40f71143a22fde9ef7348e064251b181182000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 1900000001000000100000000b6cd9778e41ad67fd6be0a6903710440300000001000000140000006252dc40f71143a22fde9ef7348e064251b181180b000000010000000e000000430065007200740075006d0000001d000000010000001000000096f98b6e79a74810ce7d398a82f977781400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded309000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad2000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118	chrome.exe

Drops Chrome extension 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_metadata\computed_hashes.json	chrome.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp	chrome.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8220.319.1.2_0\_metadata\computed_hashes.json	chrome.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1.jpg"	6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

C:\Users\Admin\AppData\Local\Temp\6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe
"C:\Users\Admin\AppData\Local\Temp\6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe"
1⤵
- Modifies control panel
- Suspicious use of SetWindowsHookEx
- Sets desktop wallpaper using registry
PID:880

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious behavior: EnumeratesProcesses
- Checks whether UAC is enabled
- Drops Chrome extension
PID:1520
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=81.0.4044.129 --initial-client-data=0xa4,0xa8,0xac,0x78,0xb0,0x7fef63fbd28,0x7fef63fbd38,0x7fef63fbd48
  2⤵
  PID:1504
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1516 --on-initialized-event-handle=352 --parent-handle=356 /prefetch:6
  2⤵
  PID:1324
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1096 --ignored=" --type=renderer " /prefetch:2
  2⤵
  PID:656
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Modifies system certificate store
  PID:292
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --instant-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2516 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2628 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2660 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1088 --ignored=" --type=renderer " /prefetch:2
  2⤵
  PID:2424
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2880 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2976 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2540
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3028 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2556
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3144 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3152 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2644
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3048 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2672
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3232 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3368 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3440 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3152 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3096 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2604 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2592 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2156
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2468 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2648 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2848 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2196 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2220 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2204 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1696 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1084,15338994265299932698,14937089286008409349,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=964 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

memory/656-1-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/656-2-0x0000000076EF0000-0x0000000076EF1000-memory.dmp

Filesize
4KB

Download
memory/656-0-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/1256-351-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/1288-17-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/1520-168-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-164-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-173-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-171-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-170-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-169-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-357-0x000000001C740000-0x000000001C763000-memory.dmp

Filesize
140KB

Download
memory/1520-167-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-165-0x0000000021F80000-0x0000000021FA3000-memory.dmp

Filesize
140KB

Download
memory/1520-172-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-163-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-162-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-160-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-154-0x000000001C740000-0x000000001C763000-memory.dmp

Filesize
140KB

Download
memory/1520-153-0x000000001C740000-0x000000001C763000-memory.dmp

Filesize
140KB

Download
memory/1520-140-0x000000001E980000-0x000000001E991000-memory.dmp

Filesize
68KB

Download
memory/1520-174-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1520-356-0x000000001C928000-0x000000001C944000-memory.dmp

Filesize
112KB

Download
memory/1592-90-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-103-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-5-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/1592-12-0x000004EC00040000-0x000004EC00041000-memory.dmp

Filesize
4KB

Download
memory/1592-19-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-108-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-107-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-106-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-105-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-104-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-102-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-101-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-100-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-99-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-98-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-97-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-96-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-95-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-94-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-93-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-92-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-91-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-89-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-88-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-87-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-86-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-85-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-84-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-83-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-82-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-64-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-65-0x0000000009E20000-0x0000000009E31000-memory.dmp

Filesize
68KB

Download
memory/1592-66-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-67-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-68-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-69-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-70-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-71-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-72-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-73-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-74-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-75-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-76-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-77-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-78-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-79-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-80-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1592-81-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-42-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-48-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-60-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-59-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-58-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-57-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-56-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-55-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-35-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-54-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-53-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-52-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-51-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-50-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-49-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-41-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-47-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-46-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-45-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-44-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-43-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-34-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-61-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-26-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-22-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-39-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-38-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-33-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-32-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-31-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-9-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/1872-36-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-14-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-15-0x0000000009CF0000-0x0000000009D01000-memory.dmp

Filesize
68KB

Download
memory/1872-37-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-20-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-30-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-21-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-40-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-23-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-24-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-29-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-28-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-62-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-27-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1872-25-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1900-225-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-224-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-226-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-227-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-228-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-229-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-230-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-231-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-232-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-233-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-234-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-235-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-176-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/1900-180-0x0000000008B30000-0x0000000008B41000-memory.dmp

Filesize
68KB

Download
memory/1900-181-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-182-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-183-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-184-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-185-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-221-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-223-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-195-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-196-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-197-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-198-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-199-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-200-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-201-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-202-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-203-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-204-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-205-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-206-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-207-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-208-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-209-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-210-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-211-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-212-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-213-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-214-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-222-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-215-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-219-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/1900-220-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2136-187-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2156-190-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2248-111-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2264-113-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2352-217-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2420-354-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2424-117-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2492-120-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2540-123-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2548-284-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-257-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-261-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-276-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-285-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-283-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-282-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-243-0x0000000008D90000-0x0000000008DA1000-memory.dmp

Filesize
68KB

Download
memory/2548-244-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-245-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-246-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-247-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-248-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-249-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-250-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-251-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-252-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-253-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-254-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-255-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-256-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-281-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-258-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-259-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-260-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-280-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-262-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-263-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-264-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-265-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-266-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-267-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-268-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-269-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-270-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-271-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-272-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-273-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-274-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-275-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-286-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-277-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-278-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2548-279-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2556-125-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2604-129-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2644-131-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2672-135-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2812-142-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2828-144-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2828-292-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2892-289-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2904-148-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2920-151-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2920-298-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/2960-295-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/3000-161-0x0000000009040000-0x0000000009051000-memory.dmp

Filesize
68KB

Download
memory/3000-156-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download
memory/3000-237-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/3056-327-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-331-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-310-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-311-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-312-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-313-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-314-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-315-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-316-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-317-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-318-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-319-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-320-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-324-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-308-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-322-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-321-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-325-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-326-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-323-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-328-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-329-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-330-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-309-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-332-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-333-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-334-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-335-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-336-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-337-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-338-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-339-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-340-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-341-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-342-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-343-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-344-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-345-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-346-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-347-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-348-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-307-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-306-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/3056-305-0x0000000008A70000-0x0000000008A81000-memory.dmp

Filesize
68KB

Download
memory/3056-301-0x000000013FC70FC0-0x000000013FC71110-memory.dmp

Filesize
336B

Download