0bd168703d2bb6a6d5fffe115c4834f4057bcb7f7877369a3230a82badce3d15

Analysis

max time kernel
563s
max time network
601s
platform
windows7_x64
resource
win7v20210410
submitted
22-07-2021 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DCBR.msi
Size

5.6MB
MD5

3eb2ea9527590196759a92fdd24eaf8b
SHA1

22cb16a1c4331efa0f228484578b54708dcc1f0b
SHA256

0bd168703d2bb6a6d5fffe115c4834f4057bcb7f7877369a3230a82badce3d15
SHA512

9c775c31e2148a2bd8a82b5be6527d2ccbd8d31df3afda7d5e4b6f35c7bceb4bee42c9933a5e5a38e9eacfd2b97b0ad6e3b896a6b5e1b4e043c83e265264bbbc

Score

9^/10

discovery evasion persistence spyware stealer themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497
Blocklisted process makes network request 1 IoCs

Processes:

MsiExec.exe

flow pid process

6 1912 MsiExec.exe

flow	pid	process
6	1912	MsiExec.exe

Executes dropped EXE 5 IoCs

Processes:

vIsqTV.Lavasoft.WCAssistant.WinService.EXEsoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

pid	process
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2552	software_reporter_tool.exe
2376	software_reporter_tool.exe
2260	software_reporter_tool.exe
2096	software_reporter_tool.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

vIsqTV.Lavasoft.WCAssistant.WinService.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	vIsqTV.Lavasoft.WCAssistant.WinService.EXE

Loads dropped DLL 17 IoCs

Processes:

MsiExec.exevIsqTV.Lavasoft.WCAssistant.WinService.EXEchrome.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

pid	process
1912	MsiExec.exe
1912	MsiExec.exe
1912	MsiExec.exe
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
1912	MsiExec.exe
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
1912	MsiExec.exe
2560	chrome.exe
2552	software_reporter_tool.exe
2260	software_reporter_tool.exe
2260	software_reporter_tool.exe
2260	software_reporter_tool.exe
2260	software_reporter_tool.exe
2260	software_reporter_tool.exe
2260	software_reporter_tool.exe
2260	software_reporter_tool.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\vIsqTV\Avira.OE.NativeCore.dll	themida
\Users\Admin\AppData\Local\vIsqTV\Avira.OE.NativeCore.dll	themida
behavioral1/memory/2276-89-0x000000006F940000-0x00000000716B4000-memory.dmp	themida

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

vIsqTV.Lavasoft.WCAssistant.WinService.EXEreg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Run\v5Q3w8O8 = "C:\\Users\\Admin\\AppData\\Local\\\u007fv\u007fIs\u007fqTV\\\u007fv\u007fIs\u007fqTV.Lavasoft.WCAssistant.WinService.EXE"	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Run\vIsqTV = "C:\\Users\\Admin\\AppData\\Local\\\u007fv\u007fIs\u007fqTV\\\u007fv\u007fIs\u007fqTV.Lavasoft.WCAssistant.WinService.EXE"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Run	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Run\y8k6k1u0 = "C:\\Users\\Admin\\AppData\\Local\\\u007fv\u007fIs\u007fqTV\\\u007fv\u007fIs\u007fqTV.Lavasoft.WCAssistant.WinService.EXE"	vIsqTV.Lavasoft.WCAssistant.WinService.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

vIsqTV.Lavasoft.WCAssistant.WinService.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	vIsqTV.Lavasoft.WCAssistant.WinService.EXE

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

vIsqTV.Lavasoft.WCAssistant.WinService.EXE

pid process

2276 vIsqTV.Lavasoft.WCAssistant.WinService.EXE

Drops file in Windows directory 10 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSI6D3A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f74143c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI14C8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI624E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6C9B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f74143e.ipi	msiexec.exe
File created	C:\Windows\Installer\f74143c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI60F5.tmp	msiexec.exe
File created	C:\Windows\Installer\f74143e.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000000000000010000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d02a2d80f57ed701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A71442B1-EAE8-11EB-A787-52BBEA82F32C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea4cc1d6d312464b9bc2dde4bf40775e00000000020000000000106600000001000020000000f5ab792d693f2ff08fd64a97718b8b9c228fe7ce6e2a7f4f5660a23d93ec086f000000000e8000000002000020000000952f058981cd9f98813dd0121d80260dcd289d3613dda2596958d6a5cdd7b55a900000007f846610429bcd903e8f77933e01099304bd9f6db45271d5a1ae0ca7e92d2f9193b2de4ba71e6ebc1e29586fe2051ea4d28d9972c156a85ede88e9911ca635ce9c4b861beeff341f9eae342a4f94eebe850957f71f276b1d44b535c51c199a6a25d93c953645c088510e2b0a3cf9ace5f18472cf8163249290341e28a13d2bc36697b4b6c59701493a794447e6e893f24000000069bea3e4c35e4eb981c53d8b8dc552b76d9e15c29867339e5d82fdc38b5e772ba8eca72703f8847367eef80b1e12311ac0f8db09cb6d662a7ae4eb2fc711a197	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea4cc1d6d312464b9bc2dde4bf40775e000000000200000000001066000000010000200000004658b62c15957a6624d1e313c1cc29e53f2eaf6a713ca49d44efce82b0bc9cce000000000e8000000002000020000000bf49d2103e091cb0d793a73873c458c7d5c5647d0fb9c8cc1e3dc31ad0d8d0c92000000094f7398ce3bfb943b1b869bb6ae253ad7204d4a64c357a4ef6fdeb71070e031d4000000082a9ba383b38c8b505d9c18776b56aaed9eb0acce62e211d341cf76df1432b6802f6c0fbcc6bb79a1bb4697dbc1b3e1d10e656337f39a1e1c43d9dee13c8ba8c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "333722028"	iexplore.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

2324 reg.exe

pid	process
2324	reg.exe

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	6	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	139	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	142	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msiexec.exevIsqTV.Lavasoft.WCAssistant.WinService.EXE

pid	process
1516	msiexec.exe
1516	msiexec.exe
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
2276	vIsqTV.Lavasoft.WCAssistant.WinService.EXE

Suspicious use of AdjustPrivilegeToken 60 IoCs

Processes:

msiexec.exemsiexec.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

description	pid	process
Token: SeShutdownPrivilege	1116	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1116	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeSecurityPrivilege	1516	msiexec.exe
Token: SeCreateTokenPrivilege	1116	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1116	msiexec.exe
Token: SeLockMemoryPrivilege	1116	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1116	msiexec.exe
Token: SeMachineAccountPrivilege	1116	msiexec.exe
Token: SeTcbPrivilege	1116	msiexec.exe
Token: SeSecurityPrivilege	1116	msiexec.exe
Token: SeTakeOwnershipPrivilege	1116	msiexec.exe
Token: SeLoadDriverPrivilege	1116	msiexec.exe
Token: SeSystemProfilePrivilege	1116	msiexec.exe
Token: SeSystemtimePrivilege	1116	msiexec.exe
Token: SeProfSingleProcessPrivilege	1116	msiexec.exe
Token: SeIncBasePriorityPrivilege	1116	msiexec.exe
Token: SeCreatePagefilePrivilege	1116	msiexec.exe
Token: SeCreatePermanentPrivilege	1116	msiexec.exe
Token: SeBackupPrivilege	1116	msiexec.exe
Token: SeRestorePrivilege	1116	msiexec.exe
Token: SeShutdownPrivilege	1116	msiexec.exe
Token: SeDebugPrivilege	1116	msiexec.exe
Token: SeAuditPrivilege	1116	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1116	msiexec.exe
Token: SeChangeNotifyPrivilege	1116	msiexec.exe
Token: SeRemoteShutdownPrivilege	1116	msiexec.exe
Token: SeUndockPrivilege	1116	msiexec.exe
Token: SeSyncAgentPrivilege	1116	msiexec.exe
Token: SeEnableDelegationPrivilege	1116	msiexec.exe
Token: SeManageVolumePrivilege	1116	msiexec.exe
Token: SeImpersonatePrivilege	1116	msiexec.exe
Token: SeCreateGlobalPrivilege	1116	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: SeRestorePrivilege	1516	msiexec.exe
Token: SeTakeOwnershipPrivilege	1516	msiexec.exe
Token: 33	2376	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	2376	software_reporter_tool.exe
Token: 33	2552	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	2552	software_reporter_tool.exe
Token: 33	2260	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	2260	software_reporter_tool.exe
Token: 33	2096	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	2096	software_reporter_tool.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

msiexec.exeiexplore.exechrome.exe

pid process

1116 msiexec.exe
1384 iexplore.exe
1116 msiexec.exe
2560 chrome.exe
2560 chrome.exe
2560 chrome.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1384 iexplore.exe
1384 iexplore.exe
644 IEXPLORE.EXE
644 IEXPLORE.EXE
644 IEXPLORE.EXE
644 IEXPLORE.EXE

pid	process
1116	msiexec.exe
1384	iexplore.exe
1116	msiexec.exe
2560	chrome.exe
2560	chrome.exe
2560	chrome.exe

pid	process
1384	iexplore.exe
1384	iexplore.exe
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msiexec.exeMsiExec.execmd.exeiexplore.execmd.exechrome.exe

description	pid	process	target process
PID 1516 wrote to memory of 1912	1516	msiexec.exe	MsiExec.exe
PID 1516 wrote to memory of 1912	1516	msiexec.exe	MsiExec.exe
PID 1516 wrote to memory of 1912	1516	msiexec.exe	MsiExec.exe
PID 1516 wrote to memory of 1912	1516	msiexec.exe	MsiExec.exe
PID 1516 wrote to memory of 1912	1516	msiexec.exe	MsiExec.exe
PID 1516 wrote to memory of 1912	1516	msiexec.exe	MsiExec.exe
PID 1516 wrote to memory of 1912	1516	msiexec.exe	MsiExec.exe
PID 1912 wrote to memory of 1728	1912	MsiExec.exe	cmd.exe
PID 1912 wrote to memory of 1728	1912	MsiExec.exe	cmd.exe
PID 1912 wrote to memory of 1728	1912	MsiExec.exe	cmd.exe
PID 1912 wrote to memory of 1728	1912	MsiExec.exe	cmd.exe
PID 1728 wrote to memory of 1384	1728	cmd.exe	iexplore.exe
PID 1728 wrote to memory of 1384	1728	cmd.exe	iexplore.exe
PID 1728 wrote to memory of 1384	1728	cmd.exe	iexplore.exe
PID 1728 wrote to memory of 1384	1728	cmd.exe	iexplore.exe
PID 1384 wrote to memory of 644	1384	iexplore.exe	IEXPLORE.EXE
PID 1384 wrote to memory of 644	1384	iexplore.exe	IEXPLORE.EXE
PID 1384 wrote to memory of 644	1384	iexplore.exe	IEXPLORE.EXE
PID 1384 wrote to memory of 644	1384	iexplore.exe	IEXPLORE.EXE
PID 1912 wrote to memory of 2252	1912	MsiExec.exe	cmd.exe
PID 1912 wrote to memory of 2252	1912	MsiExec.exe	cmd.exe
PID 1912 wrote to memory of 2252	1912	MsiExec.exe	cmd.exe
PID 1912 wrote to memory of 2252	1912	MsiExec.exe	cmd.exe
PID 1912 wrote to memory of 2276	1912	MsiExec.exe	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
PID 1912 wrote to memory of 2276	1912	MsiExec.exe	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
PID 1912 wrote to memory of 2276	1912	MsiExec.exe	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
PID 1912 wrote to memory of 2276	1912	MsiExec.exe	vIsqTV.Lavasoft.WCAssistant.WinService.EXE
PID 2252 wrote to memory of 2324	2252	cmd.exe	reg.exe
PID 2252 wrote to memory of 2324	2252	cmd.exe	reg.exe
PID 2252 wrote to memory of 2324	2252	cmd.exe	reg.exe
PID 2252 wrote to memory of 2324	2252	cmd.exe	reg.exe
PID 2560 wrote to memory of 2576	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2576	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2576	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe
PID 2560 wrote to memory of 2728	2560	chrome.exe	chrome.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\DCBR.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1116

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1516

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B1DCAA532E279629635E330FC229C139
2⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1912

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C start /MIN https://bit.ly/3hPv4Ay
3⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://bit.ly/3hPv4Ay
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1384

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:644

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C start /MIN reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v vIsqTV /t reg_sz /d "C:\Users\Admin\AppData\Local\vIsqTV\vIsqTV.Lavasoft.WCAssistant.WinService.EXE"
3⤵
- Suspicious use of WriteProcessMemory
PID:2252

C:\Windows\SysWOW64\reg.exe
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v vIsqTV /t reg_sz /d "C:\Users\Admin\AppData\Local\vIsqTV\vIsqTV.Lavasoft.WCAssistant.WinService.EXE"
4⤵
- Adds Run key to start application
- Modifies registry key
PID:2324

C:\Users\Admin\AppData\Local\vIsqTV\vIsqTV.Lavasoft.WCAssistant.WinService.EXE
"C:\Users\Admin\AppData\Local\vIsqTV\vIsqTV.Lavasoft.WCAssistant.WinService.EXE"
3⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef6e14f50,0x7fef6e14f60,0x7fef6e14f70
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1032 /prefetch:2
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1268 /prefetch:8
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 /prefetch:8
2⤵
PID:2820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
2⤵
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3456 /prefetch:8
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3772 /prefetch:2
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4856 /prefetch:8
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4872 /prefetch:8
2⤵
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 /prefetch:8
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3028 /prefetch:8
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
2⤵
PID:1424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 /prefetch:8
2⤵
PID:1072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 /prefetch:8
2⤵
PID:972

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x1400aa890,0x1400aa8a0,0x1400aa8b0
3⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4776 /prefetch:8
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3108 /prefetch:8
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3080 /prefetch:8
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 /prefetch:8
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 /prefetch:8
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 /prefetch:8
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3600 /prefetch:8
2⤵
PID:2424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4964 /prefetch:8
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:8
2⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4280 /prefetch:8
2⤵
PID:1072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4600 /prefetch:8
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4128 /prefetch:8
2⤵
PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4116 /prefetch:8
2⤵
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1484 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=960 /prefetch:8
2⤵
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1432 /prefetch:1
2⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3136 /prefetch:8
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2336 /prefetch:8
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3132 /prefetch:8
2⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4296 /prefetch:8
2⤵
PID:1708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4744 /prefetch:8
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4908 /prefetch:8
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=532 /prefetch:8
2⤵
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=944 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4052 /prefetch:8
2⤵
PID:1592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4056 /prefetch:8
2⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4024 /prefetch:8
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2384 /prefetch:8
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 /prefetch:8
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4316 /prefetch:8
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4444 /prefetch:8
2⤵
PID:268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2448 /prefetch:8
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=624 /prefetch:1
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1
2⤵
PID:344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4736 /prefetch:8
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4440 /prefetch:8
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=624 /prefetch:1
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5392 /prefetch:8
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:8
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 /prefetch:8
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4796 /prefetch:8
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4072 /prefetch:8
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 /prefetch:8
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4248 /prefetch:8
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 /prefetch:8
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4512 /prefetch:8
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5300 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 /prefetch:8
2⤵
PID:2908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4844 /prefetch:8
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
2⤵
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
2⤵
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4756 /prefetch:8
2⤵
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
2⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3144 /prefetch:8
2⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5220 /prefetch:8
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4108 /prefetch:8
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=940 /prefetch:8
2⤵
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=956 /prefetch:8
2⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5424 /prefetch:8
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=988 /prefetch:8
2⤵
PID:564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5388 /prefetch:8
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4108 /prefetch:8
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
2⤵
PID:2996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
2⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
2⤵
PID:344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4756 /prefetch:8
2⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3916 /prefetch:8
2⤵
PID:2436

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\91.266.200\software_reporter_tool.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\91.266.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=N2O7IKS4aRQLX0P3rFWhnzrf8ny7BROf9bqFyFDO --registry-suffix=ESET --srt-field-trial-group-name=Off
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2552

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=91.266.200 --initial-client-data=0x160,0x164,0x168,0x134,0x16c,0x140073270,0x140073280,0x140073290
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2376

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_2552_CSWFJPAAITAXYZSV" --sandboxed-process-id=2 --init-done-notifier=488 --sandbox-mojo-pipe-token=6511208329017047469 --mojo-platform-channel-handle=464 --engine=2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2260

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\91.266.200\software_reporter_tool.exe" --use-crash-handler-with-id="\\.\pipe\crashpad_2552_CSWFJPAAITAXYZSV" --sandboxed-process-id=3 --init-done-notifier=648 --sandbox-mojo-pipe-token=5180316856991017270 --mojo-platform-channel-handle=644
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 /prefetch:8
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3328 /prefetch:8
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1040,1188644760633996492,6480998037146377979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5428 /prefetch:8
2⤵
PID:1916

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
MD5
32a913d8ecc4e44c129ec875773cf3dc

SHA1
480eca9ee43825262c9907383c96ecbfa594c55c

SHA256
c83a825a4359c833c9fab107e3355a0010f3516db6dfe137ce6b41251780d2dc

SHA512
37d57dd012d896f30554b30b1fed0403a27bc6bc8d8ae288d96efad0f87d6adbb128bad19672c24c6c66882a0bf04214ae6ccd16682b5d033898360050d3f170

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
MD5
2902de11e30dcc620b184e3bb0f0c1cb

SHA1
5d11d14a2558801a2688dc2d6dfad39ac294f222

SHA256
e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544

SHA512
efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
MD5
5f663c079ccb83b86080d322b5c11a4e

SHA1
93c8be94d0c882732a4902aff6d106f56e9e183a

SHA256
df2ac6094e54ec3aaeffdf473cdb369556a727d4da8d86ddd222bc5ba0b8fcca

SHA512
c2119af8a70ea8e2f74fcbdbe1bca128dfeae58b33b36bc8da9aec5511d6b18634dd4289dba7f123114c50af6a0977d46c0f48a60c19bfeacecd26fa5221ec76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
9f3813911240230f02579e1882c303fa

SHA1
3adaf410d659acb922e162ae16df64603ad4d1ca

SHA256
9e5c15a3e93b8fe92e9d7324bcaa7185784d2ea7cc811803f0bbb8f964a42539

SHA512
101ba87a44a9ff28312bc7679b4d4f62910ca09e4de28a7338b6ab8b227fe1c13d7f6289fbe9f3944a900f983984d2f7ec91dab861c9ea192c3c2d085f6928be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
37f0e48492cc1ddb37e7351cbc3fbf40

SHA1
c822e241d0ca1d304a62e81562461af33ab5d924

SHA256
df78a5a6471b124c4fb9345e475386a7d4c4ecae39f628c8145910f339446f69

SHA512
e901ffeadb6ee14676f70de71b1fc70fff73bfde3227e6c6b2bf2903d1fe9f71f69c66515f169138dcd6fccbfa315d10d01d248f26cd112744f239a0500d786e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
MD5
ad88de1a639b1d4909459135fa870f51

SHA1
c8a62bc5504cce021063896cd4116d9b45844487

SHA256
2f8b2bf4e8736a56452c19428f6f65c07c761741e4b7657fb5dc1198a358f4ae

SHA512
ddc5b1bc7d2bf3b4eb2a1bfe3bd159f2ae7377cdd78bcf49bc81dbad401d91e8067f806f2e34bef7975bca478c40aec41aeb8537c71ea5a9bb7700ea66ebd3ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
MD5
3d87f0490a80a56a6d9eb23321dc1115

SHA1
c5beef947b1ca088d165139b2c8aa9f2a3827126

SHA256
414a6cf5be506972104ef259ebb6244a3c426c69093bb9b0ba95a2e0b1bca9bf

SHA512
40665605c92009294bcec1bb7945362f495bb88fb124ade330a14bc7f7742a140f4e978b6639d6191d0954362111f1ee674a5e9f477ba719fe4ff5133457ab2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sgyae4t\imagestore.dat
MD5
173eb89ebc8cc06ef8a1bc0edf308896

SHA1
61be6dcdd967f6f22f9bc01460059cf2e3d3bb11

SHA256
bb06329398407b1c804e8bdeefad09fde8eedeb4625e36776dbcae679370ba37

SHA512
963bccccf5af241f5d62b490d88829a757bd735e8b3e74b106e34feb515864285d6198e098b04081a89ef91be76fa0cada7e8d2cb41a95be12043da16943460f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI41027.LOG
MD5
fae35b5ecbfef3324788c3f1de4effa1

SHA1
56535b2b2591a7b9bac434329dd02ea479cb5aea

SHA256
57702bb4edebbce9086461fc682ed8eab62037ac06e35bb1dc2887ca6de6400b

SHA512
141f08fc83dcfb5cd6994508eebeba9876ed2f52cfaddf76ad42f998430d2a036f6768e2b3b425a51d2d7baf54936cb27e9fe0f3cab48f9126d634cc20c2d7d0

Download Submit
C:\Users\Admin\AppData\Local\vIsqTV\Avira.OE.NativeCore.dll
MD5
69956909dd2b7813338401ebd3774e8f

SHA1
6c49378f63505fd72a5ba53ab0ca2d25c47f13c3

SHA256
3a74e84facc9b7ff009c0fd38267db03286a61b8c53d53fe0fdc7a69e5d553a0

SHA512
3d8beeef5251117b3119df432eb5b29b25873bde716fdde8db931ceaa5b2e3305a9811e0c6b59cdf70855fec86f699d35595d8716027f0c9bb04031b64ddea88

Download Submit
C:\Users\Admin\AppData\Local\vIsqTV\MSVCP120.dll
MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Users\Admin\AppData\Local\vIsqTV\MSVCR120.dll
MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Users\Admin\AppData\Local\vIsqTV\vIsqTV.Lavasoft.WCAssistant.WinService.EXE
MD5
fefc447b17cf02a6fcb0abc7f5959450

SHA1
918360e2e07c9be49ef4d07406b37cea7dc3b924

SHA256
a74226654c5048cadb46d83b3778c554e0e02c6dc063f35b2721cb977f1285cf

SHA512
aa3b6d2418ff7ecc3696a757408cacf054090e8c4b520900a0c45f4f274af24174ad79b5413537be0fe01ee0363c70fa49c3cc59b0788ae1abce11249cea6588

Download Submit
C:\Users\Admin\AppData\Local\vIsqTV\vIsqTV.Lavasoft.WCAssistant.WinService.EXE
MD5
fefc447b17cf02a6fcb0abc7f5959450

SHA1
918360e2e07c9be49ef4d07406b37cea7dc3b924

SHA256
a74226654c5048cadb46d83b3778c554e0e02c6dc063f35b2721cb977f1285cf

SHA512
aa3b6d2418ff7ecc3696a757408cacf054090e8c4b520900a0c45f4f274af24174ad79b5413537be0fe01ee0363c70fa49c3cc59b0788ae1abce11249cea6588

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\59KYYY78.txt
MD5
e67f2bb7270baa29d89ade2480da8c31

SHA1
ef72b21e266efa2c9a527e0f07b7441f397bb6f5

SHA256
00851891606acd36582f01ae5af8ed140eda9cc64b21709ebbea15c208788fa9

SHA512
fb729dd5dc23cf4961415bf1c2bbe3a9b05ce21302057fb58e8a13e862a7b125238079e677d1c3131f3de34585ad1f55917829dc34e5147c5059aacd93f2f3b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YCNP6O43.txt
MD5
90fcd7e6d39a4d72e8d82c2c81fca3ec

SHA1
fcfb6cd0f6b8910447869156a4315ee036a0a18a

SHA256
7876a539b17e79e3af2a3e4dac513eb7a3ac74e857a8c296062b32cf1ed99197

SHA512
ed9289f0974d3c773c35ae633987d113f288b1a70d8a29037b8d931aaf64592fae3eb0ae3c776e9a78d2781613d2bc172da050f18732b6b5917d92a6bbd69256

Download Submit
C:\Windows\Installer\MSI14C8.tmp
MD5
5c5bef05b6f3806106f8f3ce13401cc1

SHA1
6005fbe17f6e917ac45317552409d7a60976db14

SHA256
f2f3ae8ca06f5cf320ca1d234a623bf55cf2b84c1d6dea3d85d5392e29aaf437

SHA512
97933227b6002127385ace025f85a26358e47ee79c883f03180d474c15dbaf28a88492c8e53aefc0d305872edd27db0b4468da13e6f0337988f58d2ee35fd797

Download Submit
C:\Windows\Installer\MSI60F5.tmp
MD5
5c5bef05b6f3806106f8f3ce13401cc1

SHA1
6005fbe17f6e917ac45317552409d7a60976db14

SHA256
f2f3ae8ca06f5cf320ca1d234a623bf55cf2b84c1d6dea3d85d5392e29aaf437

SHA512
97933227b6002127385ace025f85a26358e47ee79c883f03180d474c15dbaf28a88492c8e53aefc0d305872edd27db0b4468da13e6f0337988f58d2ee35fd797

Download Submit
C:\Windows\Installer\MSI624E.tmp
MD5
2782aebc4b0d64dbd33e66251e9ab371

SHA1
1606c90365554b205af444bfa534e094847d0a32

SHA256
e56039ccfb3d5a4fb35d415fd50d1eb8ad9da69bcff8e71bb1ed82306b535e1b

SHA512
96a46726882e3c75e3489bd33da7474e8f308b0c7455b0c4c989ea84487b8e1b69c82d4bdf0cd15648b6904251442ab748aa392dd6de17820daa7d8549f956ad

Download Submit
C:\Windows\Installer\MSI6D3A.tmp
MD5
2782aebc4b0d64dbd33e66251e9ab371

SHA1
1606c90365554b205af444bfa534e094847d0a32

SHA256
e56039ccfb3d5a4fb35d415fd50d1eb8ad9da69bcff8e71bb1ed82306b535e1b

SHA512
96a46726882e3c75e3489bd33da7474e8f308b0c7455b0c4c989ea84487b8e1b69c82d4bdf0cd15648b6904251442ab748aa392dd6de17820daa7d8549f956ad

Download Submit
\??\pipe\crashpad_2560_HKNBRKGOMMSFQRSS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\vIsqTV\Avira.OE.NativeCore.dll
MD5
69956909dd2b7813338401ebd3774e8f

SHA1
6c49378f63505fd72a5ba53ab0ca2d25c47f13c3

SHA256
3a74e84facc9b7ff009c0fd38267db03286a61b8c53d53fe0fdc7a69e5d553a0

SHA512
3d8beeef5251117b3119df432eb5b29b25873bde716fdde8db931ceaa5b2e3305a9811e0c6b59cdf70855fec86f699d35595d8716027f0c9bb04031b64ddea88

Download Submit
\Users\Admin\AppData\Local\vIsqTV\msvcp120.dll
MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
\Users\Admin\AppData\Local\vIsqTV\msvcr120.dll
MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
\Users\Admin\AppData\Local\vIsqTV\vIsqTV.Lavasoft.WCAssistant.WinService.EXE
MD5
fefc447b17cf02a6fcb0abc7f5959450

SHA1
918360e2e07c9be49ef4d07406b37cea7dc3b924

SHA256
a74226654c5048cadb46d83b3778c554e0e02c6dc063f35b2721cb977f1285cf

SHA512
aa3b6d2418ff7ecc3696a757408cacf054090e8c4b520900a0c45f4f274af24174ad79b5413537be0fe01ee0363c70fa49c3cc59b0788ae1abce11249cea6588

Download Submit
\Windows\Installer\MSI14C8.tmp
MD5
5c5bef05b6f3806106f8f3ce13401cc1

SHA1
6005fbe17f6e917ac45317552409d7a60976db14

SHA256
f2f3ae8ca06f5cf320ca1d234a623bf55cf2b84c1d6dea3d85d5392e29aaf437

SHA512
97933227b6002127385ace025f85a26358e47ee79c883f03180d474c15dbaf28a88492c8e53aefc0d305872edd27db0b4468da13e6f0337988f58d2ee35fd797

Download Submit
\Windows\Installer\MSI60F5.tmp
MD5
5c5bef05b6f3806106f8f3ce13401cc1

SHA1
6005fbe17f6e917ac45317552409d7a60976db14

SHA256
f2f3ae8ca06f5cf320ca1d234a623bf55cf2b84c1d6dea3d85d5392e29aaf437

SHA512
97933227b6002127385ace025f85a26358e47ee79c883f03180d474c15dbaf28a88492c8e53aefc0d305872edd27db0b4468da13e6f0337988f58d2ee35fd797

Download Submit
\Windows\Installer\MSI624E.tmp
MD5
2782aebc4b0d64dbd33e66251e9ab371

SHA1
1606c90365554b205af444bfa534e094847d0a32

SHA256
e56039ccfb3d5a4fb35d415fd50d1eb8ad9da69bcff8e71bb1ed82306b535e1b

SHA512
96a46726882e3c75e3489bd33da7474e8f308b0c7455b0c4c989ea84487b8e1b69c82d4bdf0cd15648b6904251442ab748aa392dd6de17820daa7d8549f956ad

Download Submit
\Windows\Installer\MSI6D3A.tmp
MD5
2782aebc4b0d64dbd33e66251e9ab371

SHA1
1606c90365554b205af444bfa534e094847d0a32

SHA256
e56039ccfb3d5a4fb35d415fd50d1eb8ad9da69bcff8e71bb1ed82306b535e1b

SHA512
96a46726882e3c75e3489bd33da7474e8f308b0c7455b0c4c989ea84487b8e1b69c82d4bdf0cd15648b6904251442ab748aa392dd6de17820daa7d8549f956ad

Download Submit
memory/644-70-0x0000000000000000-mapping.dmp

Download
memory/800-227-0x0000000000000000-mapping.dmp

Download
memory/840-160-0x0000000000000000-mapping.dmp

Download
memory/900-198-0x0000000000000000-mapping.dmp

Download
memory/948-209-0x0000000000000000-mapping.dmp

Download
memory/952-212-0x0000000000000000-mapping.dmp

Download
memory/972-142-0x0000000000000000-mapping.dmp

Download
memory/972-175-0x0000000000000000-mapping.dmp

Download
memory/1072-172-0x0000000000000000-mapping.dmp

Download
memory/1072-218-0x0000000000000000-mapping.dmp

Download
memory/1104-233-0x0000000000000000-mapping.dmp

Download
memory/1108-163-0x0000000000000000-mapping.dmp

Download
memory/1116-60-0x000007FEFC301000-0x000007FEFC303000-memory.dmp

Filesize
8KB

Download
memory/1264-145-0x0000000000000000-mapping.dmp

Download
memory/1384-69-0x0000000000000000-mapping.dmp

Download
memory/1416-136-0x0000000000000000-mapping.dmp

Download
memory/1424-166-0x0000000000000000-mapping.dmp

Download
memory/1708-248-0x0000000000000000-mapping.dmp

Download
memory/1728-67-0x0000000000000000-mapping.dmp

Download
memory/1740-214-0x0000000000000000-mapping.dmp

Download
memory/1800-190-0x0000000000000000-mapping.dmp

Download
memory/1828-220-0x0000000000000000-mapping.dmp

Download
memory/1856-196-0x0000000000000000-mapping.dmp

Download
memory/1912-64-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download
memory/1912-63-0x0000000000000000-mapping.dmp

Download
memory/1916-262-0x0000000000000000-mapping.dmp

Download
memory/1972-148-0x0000000000000000-mapping.dmp

Download
memory/1976-169-0x0000000000000000-mapping.dmp

Download
memory/2044-133-0x0000000000000000-mapping.dmp

Download
memory/2052-124-0x0000000000000000-mapping.dmp

Download
memory/2068-193-0x0000000000000000-mapping.dmp

Download
memory/2140-154-0x0000000000000000-mapping.dmp

Download
memory/2144-264-0x0000000000000000-mapping.dmp

Download
memory/2196-127-0x0000000000000000-mapping.dmp

Download
memory/2232-208-0x0000000000000000-mapping.dmp

Download
memory/2252-72-0x0000000000000000-mapping.dmp

Download
memory/2260-427-0x0000000004310000-0x0000000004350000-memory.dmp

Filesize
256KB

Download
memory/2260-426-0x00000000042D0000-0x0000000004310000-memory.dmp

Filesize
256KB

Download
memory/2260-434-0x0000000000350000-0x0000000000390000-memory.dmp

Filesize
256KB

Download
memory/2260-425-0x0000000004290000-0x00000000042D0000-memory.dmp

Filesize
256KB

Download
memory/2260-416-0x0000000004350000-0x0000000004390000-memory.dmp

Filesize
256KB

Download
memory/2260-412-0x0000000000350000-0x0000000000390000-memory.dmp

Filesize
256KB

Download
memory/2260-430-0x0000000000350000-0x0000000000390000-memory.dmp

Filesize
256KB

Download
memory/2260-424-0x0000000004250000-0x0000000004290000-memory.dmp

Filesize
256KB

Download
memory/2260-423-0x0000000004210000-0x0000000004250000-memory.dmp

Filesize
256KB

Download
memory/2260-431-0x0000000000390000-0x00000000003D0000-memory.dmp

Filesize
256KB

Download
memory/2260-422-0x00000000041D0000-0x0000000004210000-memory.dmp

Filesize
256KB

Download
memory/2260-415-0x0000000000C80000-0x0000000000CC0000-memory.dmp

Filesize
256KB

Download
memory/2260-413-0x0000000000390000-0x00000000003D0000-memory.dmp

Filesize
256KB

Download
memory/2260-414-0x0000000000690000-0x00000000006D0000-memory.dmp

Filesize
256KB

Download
memory/2260-421-0x0000000004190000-0x00000000041D0000-memory.dmp

Filesize
256KB

Download
memory/2260-420-0x0000000004150000-0x0000000004190000-memory.dmp

Filesize
256KB

Download
memory/2260-419-0x0000000004110000-0x0000000004150000-memory.dmp

Filesize
256KB

Download
memory/2260-418-0x0000000004390000-0x00000000043D0000-memory.dmp

Filesize
256KB

Download
memory/2260-417-0x00000000040D0000-0x0000000004110000-memory.dmp

Filesize
256KB

Download
memory/2268-178-0x0000000000000000-mapping.dmp

Download
memory/2276-92-0x000000006F941000-0x000000006FC82000-memory.dmp

Filesize
3.3MB

Download
memory/2276-74-0x0000000000000000-mapping.dmp

Download
memory/2276-89-0x000000006F940000-0x00000000716B4000-memory.dmp

Filesize
29.5MB

Download
memory/2276-93-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2284-230-0x0000000000000000-mapping.dmp

Download
memory/2324-80-0x0000000000000000-mapping.dmp

Download
memory/2388-157-0x0000000000000000-mapping.dmp

Download
memory/2424-204-0x0000000000000000-mapping.dmp

Download
memory/2428-244-0x0000000000000000-mapping.dmp

Download
memory/2440-250-0x0000000000000000-mapping.dmp

Download
memory/2496-177-0x0000000000000000-mapping.dmp

Download
memory/2504-181-0x0000000000000000-mapping.dmp

Download
memory/2532-139-0x0000000000000000-mapping.dmp

Download
memory/2560-117-0x0000000007230000-0x0000000007231000-memory.dmp

Filesize
4KB

Download
memory/2576-100-0x0000000000000000-mapping.dmp

Download
memory/2616-224-0x0000000000000000-mapping.dmp

Download
memory/2644-260-0x0000000000000000-mapping.dmp

Download
memory/2728-103-0x0000000000000000-mapping.dmp

Download
memory/2728-105-0x0000000077C30000-0x0000000077C31000-memory.dmp

Filesize
4KB

Download
memory/2764-104-0x0000000000000000-mapping.dmp

Download
memory/2788-256-0x0000000000000000-mapping.dmp

Download
memory/2808-254-0x0000000000000000-mapping.dmp

Download
memory/2820-108-0x0000000000000000-mapping.dmp

Download
memory/2872-110-0x0000000000000000-mapping.dmp

Download
memory/2912-113-0x0000000000000000-mapping.dmp

Download
memory/2932-151-0x0000000000000000-mapping.dmp

Download
memory/2932-242-0x0000000000000000-mapping.dmp

Download
memory/2936-118-0x0000000000000000-mapping.dmp

Download
memory/2944-238-0x0000000000000000-mapping.dmp

Download
memory/3024-184-0x0000000000000000-mapping.dmp

Download
memory/3028-187-0x0000000000000000-mapping.dmp

Download
memory/3032-236-0x0000000000000000-mapping.dmp

Download
memory/3048-120-0x0000000000000000-mapping.dmp

Download
memory/3068-202-0x0000000000000000-mapping.dmp

Download