44caliber | hxxps://dropmefiles[.]com/N84Xm

Resubmissions

19-11-2022 14:03

221119-rcrqsaec33 10

19-11-2022 09:25

221119-ldlm9sdg88 10

19-11-2022 09:24

221119-lc3kdshg9s 1

Analysis

max time kernel
601s
max time network
653s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2022 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dropmefiles.com/N84Xm

Score

10^/10

44caliber xmrig miner persistence spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/965618031504019487/Cn6AsCx4kQZK0LEEUQXsbtiZO7Ar6_aYAZNrXSTi1qiRB2vdvuWMLMYEB4YSSPKpEMtk

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 7 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/5400-198-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/5400-199-0x000000014030F3F8-mapping.dmp	xmrig
behavioral1/memory/5400-200-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/5400-201-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/5400-204-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/5400-206-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig
behavioral1/memory/5400-215-0x0000000140000000-0x0000000140786000-memory.dmp	xmrig

Executes dropped EXE 6 IoCs

Processes:

1.exewin.exeNixware Loader.exeservices64.exesihost64.exeChromeRecovery.exe

pid process

2168 1.exe
4968 win.exe
1444 Nixware Loader.exe
5476 services64.exe
5404 sihost64.exe
4348 ChromeRecovery.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

114 freegeoip.app
115 freegeoip.app
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

nixware.exe

pid process

2084 nixware.exe
2084 nixware.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

conhost.exe

description pid process target process

PID 3008 set thread context of 5400 3008 conhost.exe svchost.exe

pid	process
2168	1.exe
4968	win.exe
1444	Nixware Loader.exe
5476	services64.exe
5404	sihost64.exe
4348	ChromeRecovery.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

flow	ioc
114	freegeoip.app
115	freegeoip.app

pid	process
2084	nixware.exe
2084	nixware.exe

description	pid	process	target process
PID 3008 set thread context of 5400	3008	conhost.exe	svchost.exe

Drops file in Program Files directory 7 IoCs

Processes:

elevation_service.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\ChromeRecoveryCRX.crx	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\manifest.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\_metadata\verified_contents.json	elevation_service.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4524 4612 WerFault.exe

pid	pid_target	process	target process
4524	4612	WerFault.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

1.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

6116 schtasks.exe

pid	process
6116	schtasks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 4 IoCs

Processes:

chrome.exenixware.exemsedge.exetaskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	nixware.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exe1.exechrome.exemsedge.exemsedge.exechrome.execonhost.exeidentity_helper.exetaskmgr.exechrome.execonhost.exesvchost.exe

pid	process
1996	chrome.exe
1996	chrome.exe
4100	chrome.exe
4100	chrome.exe
2356	chrome.exe
2356	chrome.exe
4860	chrome.exe
4860	chrome.exe
4140	chrome.exe
4140	chrome.exe
2168	1.exe
2168	1.exe
2168	1.exe
2168	1.exe
2168	1.exe
4576	chrome.exe
4576	chrome.exe
5020	msedge.exe
5020	msedge.exe
1360	msedge.exe
1360	msedge.exe
5456	chrome.exe
5456	chrome.exe
5940	conhost.exe
5940	conhost.exe
6008	identity_helper.exe
6008	identity_helper.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
4992	chrome.exe
4992	chrome.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
3008	conhost.exe
3008	conhost.exe
3008	conhost.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
5400	svchost.exe
5400	svchost.exe
1116	taskmgr.exe
1116	taskmgr.exe
5400	svchost.exe
5400	svchost.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

Processes:

taskmgr.exeLOIC.exeLOIC.exetaskmgr.exeLOIC.exe

pid process

1116 taskmgr.exe
5116 LOIC.exe
4700 LOIC.exe
2312 taskmgr.exe
4368 LOIC.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

656

pid	process
1116	taskmgr.exe
5116	LOIC.exe
4700	LOIC.exe
2312	taskmgr.exe
4368	LOIC.exe

pid	process
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

1.execonhost.exetaskmgr.execonhost.exesvchost.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	2168	1.exe
Token: SeDebugPrivilege	5940	conhost.exe
Token: SeDebugPrivilege	1116	taskmgr.exe
Token: SeSystemProfilePrivilege	1116	taskmgr.exe
Token: SeCreateGlobalPrivilege	1116	taskmgr.exe
Token: SeDebugPrivilege	3008	conhost.exe
Token: SeLockMemoryPrivilege	5400	svchost.exe
Token: SeLockMemoryPrivilege	5400	svchost.exe
Token: 33	1116	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1116	taskmgr.exe
Token: SeDebugPrivilege	2312	taskmgr.exe
Token: SeSystemProfilePrivilege	2312	taskmgr.exe
Token: SeCreateGlobalPrivilege	2312	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exetaskmgr.exe

pid	process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe
1116	taskmgr.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

nixware.exeLOIC.exeLOIC.exeLOIC.exeLOIC.exe

pid process

2084 nixware.exe
5212 LOIC.exe
5212 LOIC.exe
5116 LOIC.exe
5116 LOIC.exe
4700 LOIC.exe
4700 LOIC.exe
4368 LOIC.exe
4368 LOIC.exe

pid	process
2084	nixware.exe
5212	LOIC.exe
5212	LOIC.exe
5116	LOIC.exe
5116	LOIC.exe
4700	LOIC.exe
4700	LOIC.exe
4368	LOIC.exe
4368	LOIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4100 wrote to memory of 1292	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 1292	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 4560	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 1996	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 1996	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe
PID 4100 wrote to memory of 216	4100	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://dropmefiles.com/N84Xm
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa55094f50,0x7ffa55094f60,0x7ffa55094f70
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1700 /prefetch:2
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4352 /prefetch:8
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
2⤵
PID:540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:1008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5740 /prefetch:8
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6276 /prefetch:8
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4936 /prefetch:8
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4916 /prefetch:8
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6408 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6448 /prefetch:8
2⤵
PID:4000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 /prefetch:8
2⤵
PID:1316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5464 /prefetch:8
2⤵
PID:5588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:5764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3568 /prefetch:8
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2688 /prefetch:2
2⤵
PID:5948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3492 /prefetch:8
2⤵
PID:5360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 /prefetch:8
2⤵
PID:6036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
2⤵
PID:5572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
PID:4000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4424 /prefetch:8
2⤵
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6612 /prefetch:8
2⤵
PID:5976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
2⤵
PID:5812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=992 /prefetch:8
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
2⤵
PID:1384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6428 /prefetch:8
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
2⤵
PID:1080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6496 /prefetch:8
2⤵
PID:5504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6600 /prefetch:8
2⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5080 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4948 /prefetch:8
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6456 /prefetch:8
2⤵
PID:5368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5000 /prefetch:8
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4916 /prefetch:8
2⤵
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5652 /prefetch:8
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
2⤵
PID:5820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6468 /prefetch:8
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6444 /prefetch:8
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5812 /prefetch:8
2⤵
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6424 /prefetch:8
2⤵
PID:6004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5796 /prefetch:8
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6252 /prefetch:8
2⤵
PID:5736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5800 /prefetch:8
2⤵
PID:5752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
2⤵
PID:6044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
2⤵
PID:5556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
2⤵
PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
2⤵
PID:5812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
2⤵
PID:476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
2⤵
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
2⤵
PID:5904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
2⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
2⤵
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5176 /prefetch:8
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
2⤵
PID:5768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7992 /prefetch:8
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7984 /prefetch:8
2⤵
PID:4696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
2⤵
PID:5344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
2⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6724 /prefetch:8
2⤵
PID:5616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=984 /prefetch:8
2⤵
PID:5944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6724 /prefetch:8
2⤵
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
2⤵
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5144 /prefetch:8
2⤵
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
2⤵
PID:5636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5180 /prefetch:8
2⤵
PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6436 /prefetch:8
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7432 /prefetch:8
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
2⤵
PID:5276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
2⤵
PID:5008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14044879799669218333,15644402046074028245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5304 /prefetch:8
2⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 4612 -ip 4612
1⤵
PID:368

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4612 -s 768
1⤵
- Program crash
PID:4524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1160

C:\Users\Admin\Desktop\nixware.exe
"C:\Users\Admin\Desktop\nixware.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\1.exe
"C:\Users\Admin\AppData\Local\Temp\1.exe"
2⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2168

C:\Users\Admin\AppData\Local\Temp\win.exe
"C:\Users\Admin\AppData\Local\Temp\win.exe"
2⤵
- Executes dropped EXE
PID:4968

C:\Windows\System32\conhost.exe
"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\win.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5940

C:\Windows\System32\cmd.exe
"cmd" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\Admin\AppData\Local\Temp\services64.exe"
4⤵
PID:6072

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr "C:\Users\Admin\AppData\Local\Temp\services64.exe"
5⤵
- Creates scheduled task(s)
PID:6116

C:\Windows\System32\cmd.exe
"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\services64.exe"
4⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\services64.exe
C:\Users\Admin\AppData\Local\Temp\services64.exe
5⤵
- Executes dropped EXE
PID:5476

C:\Windows\System32\conhost.exe
"C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\services64.exe"
6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3008

C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe"
7⤵
- Executes dropped EXE
PID:5404

C:\Windows\System32\conhost.exe
"C:\Windows\System32\conhost.exe" "/sihost64"
8⤵
PID:5696

C:\Windows\System32\svchost.exe
C:\Windows/System32\svchost.exe --cinit-find-x -B --algo="rx/0" --asm=auto --cpu-memory-pool=1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=pool.hashvault.pro:80 --user=86RZCQ8EgRhKRiXETMJ5po96wf7wKt8JwW3c54CNXDpYbLikb9YvG6ei6KCDBgidyyYqfYR6zNoCKf3BbJrGPCoYMuh4nVW --pass=nixware --cpu-max-threads-hint=20 --cinit-stealth-targets="+iU/trnPCTLD3p+slbva5u4EYOS6bvIPemCHGQx2WRUcnFdomWh6dhl5H5KbQCjp6yCYlsFu5LR1mi7nQAy56B+5doUwurAPvCael2sR/N4=" --cinit-idle-wait=2 --cinit-idle-cpu=70 --tls --cinit-stealth
7⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5400

C:\Users\Admin\AppData\Local\Temp\Nixware Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Nixware Loader.exe"
2⤵
- Executes dropped EXE
PID:1444

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Tg.bat" "
2⤵
PID:1160

C:\Windows\SysWOW64\explorer.exe
explorer https://t.me/nixware_support
3⤵
PID:2036

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/nixware_support
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa4e4446f8,0x7ffa4e444708,0x7ffa4e444718
3⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
3⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
3⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
3⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
3⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 /prefetch:8
3⤵
PID:5224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
3⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4020 /prefetch:8
3⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
3⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
3⤵
PID:5636

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 /prefetch:8
3⤵
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9418504258056604091,17023223908831353343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:6008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:476

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1116

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:2876

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\ChromeRecovery.exe
"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={02c9ef56-f477-42c8-b82a-f2f399fe8a01} --system
2⤵
- Executes dropped EXE
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:5768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa55094f50,0x7ffa55094f60,0x7ffa55094f70
2⤵
PID:2172

C:\Users\Admin\Desktop\LOIC.exe
"C:\Users\Admin\Desktop\LOIC.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5212

C:\Users\Admin\Desktop\LOIC.exe
"C:\Users\Admin\Desktop\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5116

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2312

C:\Users\Admin\Desktop\LOIC.exe
"C:\Users\Admin\Desktop\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4700

C:\Users\Admin\Desktop\LOIC.exe
"C:\Users\Admin\Desktop\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4368

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2876_234883005\ChromeRecovery.exe
Filesize
253KB

MD5
49ac3c96d270702a27b4895e4ce1f42a

SHA1
55b90405f1e1b72143c64113e8bc65608dd3fd76

SHA256
82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f

SHA512
b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
Filesize
20KB

MD5
562ae7e4daf908c9bf9bd9f926177c08

SHA1
81747b683658141b439ab629d792bd666bdbf849

SHA256
8a8ec5a4f8709cc65a8264bc6c51eae1d32b5a091fc7c681b4c20a127a049430

SHA512
e4eabf545fea091d85c0f389a432c48864ee8d408babf690c7929f148cca888f0f386569c229c3f2baf49d57bf15e7ce1e7157417610aa60b2d6c6ad496fb606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
103KB

MD5
810e2e0132cc2c77530bd5bd864489c9

SHA1
7f2b1ae4b4517f5ba52e87aa73af2ede6607d08f

SHA256
271dfd62e287033541ee966f8f0d636deefc0600c263d1cf4a02d5f0f7b04501

SHA512
75b9b8687c32309b35e5378eb7f9b7fd5621ef21fa4e1e5449a905402292180a627b323bbc1b5dfd5a7aa83840e35e53729e4223be4d3bda3e58e1dbd1ac9cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3
Filesize
141KB

MD5
ea1c1ffd3ea54d1fb117bfdbb3569c60

SHA1
10958b0f690ae8f5240e1528b1ccffff28a33272

SHA256
7c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d

SHA512
6c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\conhost.exe.log
Filesize
539B

MD5
b245679121623b152bea5562c173ba11

SHA1
47cb7fc4cf67e29a87016a7308cdb8b1b4dc8e3d

SHA256
73d84fd03e38f1bbf8b2218f8a454f0879051855252fc76b63f20f46e7fd877f

SHA512
75e46843b1eafcc7dc4362630838895b7f399e57662a12bf0305a912c8e726b02e0a760b1b97a2c262b2d05fdb944b9ed81c338ad93e5eb5cb57bc651602e42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.exe
Filesize
274KB

MD5
24a51d78647223ee11b910e14f2a30b1

SHA1
22efce1a9f8dbac3a79367a8b0911307703ee46d

SHA256
f07a6569599e817964fadf806eb0a87e3420179fbc23623a3f2ef395dc4a27f5

SHA512
007acfe559face066ee489ba8aff4b894f1a44265433fa221ad5844bc118fcb6adde159bef1fc4e7675c88ad74fcc9e1fc1966b6c44b261ce4bd6160534ca867

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.exe
Filesize
274KB

MD5
24a51d78647223ee11b910e14f2a30b1

SHA1
22efce1a9f8dbac3a79367a8b0911307703ee46d

SHA256
f07a6569599e817964fadf806eb0a87e3420179fbc23623a3f2ef395dc4a27f5

SHA512
007acfe559face066ee489ba8aff4b894f1a44265433fa221ad5844bc118fcb6adde159bef1fc4e7675c88ad74fcc9e1fc1966b6c44b261ce4bd6160534ca867

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nixware Loader.exe
Filesize
19KB

MD5
17f672a433b839d5a307e7c832c55b23

SHA1
18ac995567d8cbe3977ccaa6af017f464115a6f2

SHA256
2798489b1dcb73e61e5a38e4655e5f48843f7a5b6d1387349fbb0c0bbc42943f

SHA512
6fffce3343ef81779c3d8f3c26418e195c87be8199b62d5d0066e89f41bf13a5fae616135eb34201c92bcafee2fee9a7bc8f847d589818d16fa3945c84a45cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Nixware Loader.exe
Filesize
19KB

MD5
17f672a433b839d5a307e7c832c55b23

SHA1
18ac995567d8cbe3977ccaa6af017f464115a6f2

SHA256
2798489b1dcb73e61e5a38e4655e5f48843f7a5b6d1387349fbb0c0bbc42943f

SHA512
6fffce3343ef81779c3d8f3c26418e195c87be8199b62d5d0066e89f41bf13a5fae616135eb34201c92bcafee2fee9a7bc8f847d589818d16fa3945c84a45cd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tg.bat
Filesize
37B

MD5
41a34775ffcdc8f6f1f6e41da726bf1a

SHA1
eaec7d7e7dce8dae096cdaa644eae73ab8250aca

SHA256
47a6ec039d3f8f3977a93166b9f66b47ffc5a9c306345655678c4a12100a46a5

SHA512
4cbb4ed909001e6ab439f0bccae6813e04293436307c2e85d0d238d0319c9c70a17163e3f83602c773b744d4d023f732350806bc216f7a6c598426db0da180d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\services64.exe
Filesize
2.1MB

MD5
d8abaf1076d66e5f87487588d8043183

SHA1
54027b5e8f86bf2dbb4b6ea46f8b24a9cde3002a

SHA256
9c14204dfa2fc52b7f411cff3d8d3e909410ad8607407860e50eb01f6d3bb291

SHA512
e4e26e5687f9097fbad3791ab6dd15740094c192a8f078805c4adbb059e2770e747118e50477ae44ecded15152c12df77ef96ebd492990b6d662852792ed8bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\services64.exe
Filesize
2.1MB

MD5
d8abaf1076d66e5f87487588d8043183

SHA1
54027b5e8f86bf2dbb4b6ea46f8b24a9cde3002a

SHA256
9c14204dfa2fc52b7f411cff3d8d3e909410ad8607407860e50eb01f6d3bb291

SHA512
e4e26e5687f9097fbad3791ab6dd15740094c192a8f078805c4adbb059e2770e747118e50477ae44ecded15152c12df77ef96ebd492990b6d662852792ed8bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\win.exe
Filesize
2.1MB

MD5
d8abaf1076d66e5f87487588d8043183

SHA1
54027b5e8f86bf2dbb4b6ea46f8b24a9cde3002a

SHA256
9c14204dfa2fc52b7f411cff3d8d3e909410ad8607407860e50eb01f6d3bb291

SHA512
e4e26e5687f9097fbad3791ab6dd15740094c192a8f078805c4adbb059e2770e747118e50477ae44ecded15152c12df77ef96ebd492990b6d662852792ed8bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\win.exe
Filesize
2.1MB

MD5
d8abaf1076d66e5f87487588d8043183

SHA1
54027b5e8f86bf2dbb4b6ea46f8b24a9cde3002a

SHA256
9c14204dfa2fc52b7f411cff3d8d3e909410ad8607407860e50eb01f6d3bb291

SHA512
e4e26e5687f9097fbad3791ab6dd15740094c192a8f078805c4adbb059e2770e747118e50477ae44ecded15152c12df77ef96ebd492990b6d662852792ed8bed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
Filesize
2KB

MD5
7ef9fa3eefdef1eea3c1085155185686

SHA1
d03e220e054b194372677d9b21f401f4df28bd73

SHA256
8de7f33b3f4093a8eb9c3a90e33f0ed236def7f3abfbd4bc5fb1feb4269d60cb

SHA512
ca7b2e248354d118a2abe1a3ab506b077d85e1f6d10dba493c16da90302bfde933a65b0c2c209226b86a1ae56e7f6568b1448b9eff88a63edd48f6dfcfb3221b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe
Filesize
30KB

MD5
c4920fad2a7df553f83faba41a6220e1

SHA1
ee984d1d6ceef64ba2175f6d6eaac3a7435c78a4

SHA256
b7944b8fd66f57924d696a80050e76320d3f1bb706d852cf19748ffabff963d9

SHA512
064731392fd62f4d1b04b4bd221b2e44e9d04f700267cbcd84146eb58842f0b1fbf036cd230ac1745e21dddde63d99e0ecc547ca3b14fea226084a0a8810eff8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Libs\sihost64.exe
Filesize
30KB

MD5
c4920fad2a7df553f83faba41a6220e1

SHA1
ee984d1d6ceef64ba2175f6d6eaac3a7435c78a4

SHA256
b7944b8fd66f57924d696a80050e76320d3f1bb706d852cf19748ffabff963d9

SHA512
064731392fd62f4d1b04b4bd221b2e44e9d04f700267cbcd84146eb58842f0b1fbf036cd230ac1745e21dddde63d99e0ecc547ca3b14fea226084a0a8810eff8

Download Submit
\??\pipe\LOCAL\crashpad_1360_HMSQZLKVNLLLZRMF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4100_WKLWWABVHVYHVXVC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1160-147-0x0000000000000000-mapping.dmp

Download
memory/1360-156-0x0000000000000000-mapping.dmp

Download
memory/1444-151-0x00000000058C0000-0x0000000005E64000-memory.dmp

Filesize
5.6MB

Download
memory/1444-144-0x0000000000000000-mapping.dmp

Download
memory/1444-153-0x00000000053F0000-0x0000000005482000-memory.dmp

Filesize
584KB

Download
memory/1444-155-0x00000000053E0000-0x00000000053EA000-memory.dmp

Filesize
40KB

Download
memory/1444-150-0x0000000000B50000-0x0000000000B5C000-memory.dmp

Filesize
48KB

Download
memory/1692-168-0x0000000000000000-mapping.dmp

Download
memory/1776-188-0x0000000000000000-mapping.dmp

Download
memory/2036-154-0x0000000000000000-mapping.dmp

Download
memory/2084-148-0x0000000000400000-0x0000000000B0E000-memory.dmp

Filesize
7.1MB

Download
memory/2084-134-0x0000000000400000-0x0000000000B0E000-memory.dmp

Filesize
7.1MB

Download
memory/2084-133-0x0000000000400000-0x0000000000B0E000-memory.dmp

Filesize
7.1MB

Download
memory/2168-162-0x00007FFA503C0000-0x00007FFA50E81000-memory.dmp

Filesize
10.8MB

Download
memory/2168-149-0x00007FFA503C0000-0x00007FFA50E81000-memory.dmp

Filesize
10.8MB

Download
memory/2168-138-0x0000016A8BD90000-0x0000016A8BDDA000-memory.dmp

Filesize
296KB

Download
memory/2168-135-0x0000000000000000-mapping.dmp

Download
memory/3008-203-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/3008-195-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/3632-164-0x0000000000000000-mapping.dmp

Download
memory/4140-166-0x0000000000000000-mapping.dmp

Download
memory/4348-210-0x0000000000000000-mapping.dmp

Download
memory/4348-212-0x0000000074351000-0x0000000074353000-memory.dmp

Filesize
8KB

Download
memory/4368-226-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/4368-225-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/4700-222-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/4700-159-0x0000000000000000-mapping.dmp

Download
memory/4700-223-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/4700-224-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/4924-157-0x0000000000000000-mapping.dmp

Download
memory/4968-139-0x0000000000000000-mapping.dmp

Download
memory/5020-160-0x0000000000000000-mapping.dmp

Download
memory/5116-219-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5116-220-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5116-221-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5212-216-0x0000000000C20000-0x0000000000C48000-memory.dmp

Filesize
160KB

Download
memory/5212-217-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5212-218-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5224-170-0x0000000000000000-mapping.dmp

Download
memory/5316-172-0x0000000000000000-mapping.dmp

Download
memory/5400-204-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/5400-201-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/5400-202-0x000001E801D70000-0x000001E801D90000-memory.dmp

Filesize
128KB

Download
memory/5400-200-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/5400-205-0x000001E8037A0000-0x000001E8037E0000-memory.dmp

Filesize
256KB

Download
memory/5400-206-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/5400-215-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/5400-198-0x0000000140000000-0x0000000140786000-memory.dmp

Filesize
7.5MB

Download
memory/5400-199-0x000000014030F3F8-mapping.dmp

Download
memory/5404-194-0x0000000000000000-mapping.dmp

Download
memory/5476-190-0x0000000000000000-mapping.dmp

Download
memory/5568-176-0x0000000000000000-mapping.dmp

Download
memory/5620-178-0x0000000000000000-mapping.dmp

Download
memory/5636-180-0x0000000000000000-mapping.dmp

Download
memory/5696-208-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5696-214-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5696-207-0x0000025368680000-0x0000025368686000-memory.dmp

Filesize
24KB

Download
memory/5940-187-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5940-183-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/5940-182-0x00000142C1B60000-0x00000142C1B72000-memory.dmp

Filesize
72KB

Download
memory/5940-181-0x00000142BFC90000-0x00000142BFEB0000-memory.dmp

Filesize
2.1MB

Download
memory/5940-189-0x00007FFA4E730000-0x00007FFA4F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/6008-184-0x0000000000000000-mapping.dmp

Download
memory/6072-185-0x0000000000000000-mapping.dmp

Download
memory/6116-186-0x0000000000000000-mapping.dmp

Download