1ce2e225d3dc987a637103c99fcd55bf5895becf20ad2675bddb7810b1a2e27d

Analysis

max time kernel
294s
max time network
296s
platform
windows10_x64
resource
win10v200430
submitted
10-07-2020 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

183Pr0v.exe
Size

460KB
MD5

23b04f4c7d134b4b8a7eadd756da0e14
SHA1

5795b03dbf54d8153c257e4bc507b92f86a3dca1
SHA256

1ce2e225d3dc987a637103c99fcd55bf5895becf20ad2675bddb7810b1a2e27d
SHA512

e54e13e6d273c240909699476499d823ac37728f581e4f50b8aa200cf7bc03598dd853b8d2c8ff1c5f7d052af42267db824abb88e8c02f82d14d20466d5729b5

Score

7^/10

spyware

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

pid	process
1572	chrome.exe
1572	chrome.exe
2768	chrome.exe
2768	chrome.exe
4440	chrome.exe
4440	chrome.exe
4616	chrome.exe
4616	chrome.exe
5096	chrome.exe
5096	chrome.exe
1908	chrome.exe
1908	chrome.exe
4508	chrome.exe
4508	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Checks whether UAC is enabled 25 IoCs

Processes:

IEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of WriteProcessMemory 819 IoCs

Processes:

iexplore.exechrome.exe

description	pid	process	target process
PID 3652 wrote to memory of 3584	3652	iexplore.exe	IEXPLORE.EXE
PID 3652 wrote to memory of 3584	3652	iexplore.exe	IEXPLORE.EXE
PID 3652 wrote to memory of 3584	3652	iexplore.exe	IEXPLORE.EXE
PID 2768 wrote to memory of 1456	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 1456	2768	chrome.exe	chrome.exe
PID 3652 wrote to memory of 3348	3652	iexplore.exe	IEXPLORE.EXE
PID 3652 wrote to memory of 3348	3652	iexplore.exe	IEXPLORE.EXE
PID 3652 wrote to memory of 3348	3652	iexplore.exe	IEXPLORE.EXE
PID 2768 wrote to memory of 3404	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3404	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2748	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 1572	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 1572	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 3668	2768	chrome.exe	chrome.exe

Suspicious use of SetWindowsHookEx 56 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
3652	iexplore.exe
3652	iexplore.exe
3584	IEXPLORE.EXE
3584	IEXPLORE.EXE
3652	iexplore.exe
3652	iexplore.exe
3348	IEXPLORE.EXE
3348	IEXPLORE.EXE
3652	iexplore.exe
3652	iexplore.exe
3584	IEXPLORE.EXE
3584	IEXPLORE.EXE
4192	iexplore.exe
4192	iexplore.exe
4344	IEXPLORE.EXE
4344	IEXPLORE.EXE
4608	iexplore.exe
4608	iexplore.exe
4680	IEXPLORE.EXE
4680	IEXPLORE.EXE
4872	iexplore.exe
4872	iexplore.exe
3620	IEXPLORE.EXE
3620	IEXPLORE.EXE
4988	iexplore.exe
4988	iexplore.exe
4704	IEXPLORE.EXE
4704	IEXPLORE.EXE
1004	iexplore.exe
1004	iexplore.exe
5104	IEXPLORE.EXE
5104	IEXPLORE.EXE
4260	iexplore.exe
4260	iexplore.exe
60	IEXPLORE.EXE
60	IEXPLORE.EXE
4408	iexplore.exe
4408	iexplore.exe
4288	IEXPLORE.EXE
4288	IEXPLORE.EXE
3732	iexplore.exe
3732	iexplore.exe
4448	IEXPLORE.EXE
4448	IEXPLORE.EXE
4840	iexplore.exe
4840	iexplore.exe
4780	IEXPLORE.EXE
4780	IEXPLORE.EXE
2348	iexplore.exe
2348	iexplore.exe
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
4904	iexplore.exe
4904	iexplore.exe
4452	IEXPLORE.EXE
4452	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 80 IoCs

Processes:

iexplore.exechrome.exe

pid	process
3652	iexplore.exe
3652	iexplore.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Modifies Internet Explorer settings 1 TTPs 196 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d0096f6856d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6085d03a6856d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000070f4e65ddf1514459006b313b316c02000000000020000000000106600000001000020000000c99f83957702ff45a3259e7919b3145db6eea26eea7600f164b8f5da21fb5656000000000e8000000002000020000000b1680bf220abcec5a224ead43ccad75761c6b9918ab1b2f05bf3a837b16e1d3d2000000069e87d0d811a19957d2db0944c1defaf03b4cc131ecf93bbbde87ce4a478581140000000eaa4e8d411de8e1dfcc1f6ad4b94ee448530252e88e4ba72dca3f0aee7ec86e36e4071c562c4dac8720cfff256624b80d4dffa14da8d7ef526e90bc36e310d72	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b009ec956856d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C606B832-C25B-11EA-BF1A-5E51C75AECAB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9F4D89C-C25B-11EA-BF1A-5E51C75AECAB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30824040"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1003251487"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1003251487"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFF6C1D3-C25B-11EA-BF1A-5E51C75AECAB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{84E8718A-C25B-11EA-BF1A-5E51C75AECAB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B91995E2-C25B-11EA-BF1A-5E51C75AECAB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000070f4e65ddf1514459006b313b316c020000000000200000000001066000000010000200000002618fa4ffa2006915fb413942eadddc5e9c18ada86fc4a2f719089d1522bc99f000000000e800000000200002000000022b72d09a4c0dc0c1885146e23fae0a393733fbe8fecd43c88975b670ef4b4562000000097cb4e6a7304614db10d7b3b511a608c9ee14acbd305de32923aba45f89084134000000029b171338bd4f7fc289f5412a790fa1d073e10ef9179a636a0e31ae134d3d30fce4ccacbc43c62ae2ba109075695486ebb7f8461038a2c1393db1952215b3277	iexplore.exe

Drops Chrome extension 3 IoCs

Processes:

chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp	chrome.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8220.319.1.2_0\_metadata\computed_hashes.json	chrome.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_metadata\computed_hashes.json	chrome.exe

C:\Users\Admin\AppData\Local\Temp\183Pr0v.exe
"C:\Users\Admin\AppData\Local\Temp\183Pr0v.exe"
1⤵
PID:1520

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:3652

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3652 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:3584

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3652 CREDAT:82947 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:3348

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
- Suspicious use of FindShellTrayWindow
- Drops Chrome extension
PID:2768

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=81.0.4044.129 --initial-client-data=0xb4,0xb8,0xbc,0x90,0xc0,0x7ffbb5bebd28,0x7ffbb5bebd38,0x7ffbb5bebd48
2⤵
PID:1456

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2288 --on-initialized-event-handle=616 --parent-handle=620 /prefetch:6
2⤵
PID:3404

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1456 --ignored=" --type=renderer " /prefetch:2
2⤵
PID:2748

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1664 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1572

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
2⤵
PID:3668

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --instant-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
2⤵
PID:1240

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3392 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:4436

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3556 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:4452

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3684 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:4484

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3772 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:4552

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3604 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:5000

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3392 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:5036

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3664 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:5072

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4184 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:5112

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
2⤵
PID:2488

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3536 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:4448

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=4172 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4440

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4092 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:4492

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4052 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1452

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3968 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:4576

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=4504 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4616

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
2⤵
PID:4672

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=2364 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5096

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=1984 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1908

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2364 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:4540

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=2292 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4508

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1420,12729059741821801379,10273180053965102586,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3712

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4192

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4192 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:4344

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4608

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4608 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:4680

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4872

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4872 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:3620

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4988

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4988 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:4704

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:1004

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1004 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:5104

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4260

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4260 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:60

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4408

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4408 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:4288

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:3732

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3732 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:4448

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4840

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4840 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4780

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:2348

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4904

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4904 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:4452

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203

Download Submit
\??\pipe\crashpad_2768_FWKSKRPBCBJFENYK

Download Submit
memory/60-480-0x0000000000000000-mapping.dmp

Download
memory/1240-10-0x0000000000000000-mapping.dmp

Download
memory/1240-13-0x000056F200040000-0x000056F200041000-memory.dmp

Filesize
4KB

Download
memory/1240-15-0x0000019D02240000-0x0000019D02241000-memory.dmp

Filesize
4KB

Download
memory/1452-221-0x0000000000000000-mapping.dmp

Download
memory/1456-2-0x0000000000000000-mapping.dmp

Download
memory/1520-0-0x00000000004D0000-0x00000000004E6000-memory.dmp

Filesize
88KB

Download
memory/1572-6-0x0000000000000000-mapping.dmp

Download
memory/1908-471-0x0000000000000000-mapping.dmp

Download
memory/2488-199-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-194-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-213-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-212-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-211-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-210-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-209-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-208-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-207-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-206-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-205-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-204-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-203-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-202-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-201-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-200-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-173-0x0000000000000000-mapping.dmp

Download
memory/2488-198-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-197-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-196-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-195-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-214-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-193-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-192-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-191-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-190-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-189-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-188-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-187-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-186-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-185-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-184-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-183-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-182-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-181-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-180-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-179-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-178-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-177-0x0000022A77800000-0x0000022A77801000-memory.dmp

Filesize
4KB

Download
memory/2488-176-0x0000022A75730000-0x0000022A757300F8-memory.dmp

Filesize
248B

Download
memory/2488-175-0x0000212E00040000-0x0000212E00041000-memory.dmp

Filesize
4KB

Download
memory/2692-484-0x0000000000000000-mapping.dmp

Download
memory/2748-5-0x0000000000000000-mapping.dmp

Download
memory/2748-7-0x00007FFBBFA30000-0x00007FFBBFA31000-memory.dmp

Filesize
4KB

Download
memory/2768-73-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-142-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-65-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-66-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-67-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-68-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-69-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-70-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-71-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-72-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-63-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-74-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-75-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-76-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-77-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-78-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-79-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-80-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-81-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-82-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-83-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-84-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-85-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-86-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-87-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-88-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-89-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-90-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-91-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-92-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-93-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-94-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-95-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-96-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-97-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-98-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-99-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-100-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-101-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-102-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-103-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-104-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-105-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-106-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-107-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-108-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-109-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-110-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-111-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-112-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-113-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-114-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-115-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-116-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-117-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-118-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-119-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-120-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-121-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-122-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-123-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-124-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-125-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-126-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-127-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-128-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-129-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-130-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-131-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-132-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-133-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-134-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-135-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-136-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-137-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-138-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-139-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-140-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-141-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-64-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-143-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-144-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-145-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-146-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-147-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-148-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-149-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-150-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-151-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-152-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-153-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-154-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-155-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-156-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-157-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-158-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-159-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-160-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-161-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-162-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/2768-163-0x0000020E0D200000-0x0000020E0D201000-memory.dmp

Filesize
4KB

Download
memory/3348-3-0x0000000000000000-mapping.dmp

Download
memory/3404-4-0x0000000000000000-mapping.dmp

Download
memory/3584-1-0x0000000000000000-mapping.dmp

Download
memory/3620-476-0x0000000000000000-mapping.dmp

Download
memory/3668-33-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-18-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-9-0x0000000000000000-mapping.dmp

Download
memory/3668-30-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-53-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-52-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-51-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-50-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-49-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-48-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-47-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-46-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-45-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-44-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-43-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-42-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-41-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-40-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-39-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-38-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-37-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-36-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-35-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-34-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-31-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-32-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-29-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-14-0x0000416F00040000-0x0000416F00041000-memory.dmp

Filesize
4KB

Download
memory/3668-16-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-28-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-27-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-26-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-25-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-24-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-23-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-22-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-21-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-20-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-17-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3668-19-0x000001BC01A70000-0x000001BC01A71000-memory.dmp

Filesize
4KB

Download
memory/3712-478-0x0000000000000000-mapping.dmp

Download
memory/4288-481-0x0000000000000000-mapping.dmp

Download
memory/4344-470-0x0000000000000000-mapping.dmp

Download
memory/4436-55-0x0000000000000000-mapping.dmp

Download
memory/4440-218-0x0000000000000000-mapping.dmp

Download
memory/4448-216-0x0000000000000000-mapping.dmp

Download
memory/4448-482-0x0000000000000000-mapping.dmp

Download
memory/4452-485-0x0000000000000000-mapping.dmp

Download
memory/4452-57-0x0000000000000000-mapping.dmp

Download
memory/4484-58-0x0000000000000000-mapping.dmp

Download
memory/4492-219-0x0000000000000000-mapping.dmp

Download
memory/4508-474-0x0000000000000000-mapping.dmp

Download
memory/4540-472-0x0000000000000000-mapping.dmp

Download
memory/4552-61-0x0000000000000000-mapping.dmp

Download
memory/4576-223-0x0000000000000000-mapping.dmp

Download
memory/4616-225-0x0000000000000000-mapping.dmp

Download
memory/4672-262-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-242-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-236-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-241-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-263-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-243-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-244-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-245-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-246-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-247-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-248-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-249-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-250-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-251-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-252-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-264-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-254-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-255-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-256-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-257-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-258-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-261-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-259-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-260-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-238-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-237-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-253-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-265-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-266-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-267-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-268-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-269-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-270-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-271-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-235-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-234-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-233-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-232-0x000001C9ED960000-0x000001C9ED961000-memory.dmp

Filesize
4KB

Download
memory/4672-231-0x000001C9EB480000-0x000001C9EB4800F8-memory.dmp

Filesize
248B

Download
memory/4672-230-0x0000017E00040000-0x0000017E00041000-memory.dmp

Filesize
4KB

Download
memory/4672-228-0x0000000000000000-mapping.dmp

Download
memory/4680-475-0x0000000000000000-mapping.dmp

Download
memory/4704-477-0x0000000000000000-mapping.dmp

Download
memory/4780-483-0x0000000000000000-mapping.dmp

Download
memory/5000-165-0x0000000000000000-mapping.dmp

Download
memory/5036-167-0x0000000000000000-mapping.dmp

Download
memory/5072-169-0x0000000000000000-mapping.dmp

Download
memory/5096-469-0x0000000000000000-mapping.dmp

Download
memory/5104-479-0x0000000000000000-mapping.dmp

Download
memory/5112-171-0x0000000000000000-mapping.dmp

Download