Malware Analysis Report

2024-12-07 19:37

Sample ID 241114-lct81swhpa
Target 1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888
SHA256 1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888
Tags
amadey lumma 9c9aa5 credential_access discovery evasion persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888

Threat Level: Known bad

The file 1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888 was found to be: Known bad.

Malicious Activity Summary

amadey lumma 9c9aa5 credential_access discovery evasion persistence spyware stealer trojan

Amadey family

Amadey

Lumma family

Lumma Stealer, LummaC

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Uses browser remote debugging

Downloads MZ/PE file

Checks BIOS information in registry

Unsecured Credentials: Credentials In Files

Reads data files stored by FTP clients

Identifies Wine through registry keys

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Program crash

Unsigned PE

Enumerates physical storage devices

Checks processor information in registry

Modifies system certificate store

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 09:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 09:23

Reported

2024-11-14 09:26

Platform

win7-20241010-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe"

Signatures

Amadey

trojan amadey

Amadey family

amadey

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\DocumentsAFHDAEGHDG.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1006170001\984efb6da5.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1006170001\984efb6da5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1006170001\984efb6da5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\DocumentsAFHDAEGHDG.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\DocumentsAFHDAEGHDG.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1006170001\984efb6da5.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Wine C:\Users\Admin\DocumentsAFHDAEGHDG.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\63500a1c2f.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006169001\\63500a1c2f.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Windows\CurrentVersion\Run\984efb6da5.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006170001\\984efb6da5.exe" C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Checks installed software on the system

discovery

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3060 set thread context of 2448 N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\skotes.job C:\Users\Admin\DocumentsAFHDAEGHDG.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\DocumentsAFHDAEGHDG.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1006170001\984efb6da5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [binary certificate blob omitted] C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = [binary certificate blob omitted] C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
N/A N/A C:\Users\Admin\DocumentsAFHDAEGHDG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1006170001\984efb6da5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\DocumentsAFHDAEGHDG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1656 wrote to memory of 580 N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1656 wrote to memory of 580 N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1656 wrote to memory of 580 N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1656 wrote to memory of 580 N/A C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\ctfmon.exe
PID 580 wrote to memory of 1836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\ctfmon.exe
PID 580 wrote to memory of 1836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\ctfmon.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 580 wrote to memory of 1752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe

"C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65d9758,0x7fef65d9768,0x7fef65d9778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1260,i,4894041000687731824,16503246910447983126,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1068 --field-trial-handle=1260,i,4894041000687731824,16503246910447983126,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1260,i,4894041000687731824,16503246910447983126,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1260,i,4894041000687731824,16503246910447983126,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1260,i,4894041000687731824,16503246910447983126,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1508 --field-trial-handle=1260,i,4894041000687731824,16503246910447983126,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9229 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1396 --field-trial-handle=1260,i,4894041000687731824,16503246910447983126,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1260,i,4894041000687731824,16503246910447983126,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\DocumentsAFHDAEGHDG.exe"

C:\Users\Admin\DocumentsAFHDAEGHDG.exe

"C:\Users\Admin\DocumentsAFHDAEGHDG.exe"

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"

C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe

"C:\Users\Admin\AppData\Local\Temp\1005956001\fc89025b7e.exe"

C:\Users\Admin\AppData\Local\Temp\1006055001\babababa.exe

"C:\Users\Admin\AppData\Local\Temp\1006055001\babababa.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7469758,0x7fef7469768,0x7fef7469778

C:\Windows\system32\ctfmon.exe

ctfmon.exe

C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe

"C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1232 --field-trial-handle=1008,i,8914544947599784858,18126291564772934413,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1008,i,8914544947599784858,18126291564772934413,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 --field-trial-handle=1008,i,8914544947599784858,18126291564772934413,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1060 --field-trial-handle=1008,i,8914544947599784858,18126291564772934413,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9222 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1008,i,8914544947599784858,18126291564772934413,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2812 --field-trial-handle=1008,i,8914544947599784858,18126291564772934413,131072 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 1204

C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe

"C:\Users\Admin\AppData\Local\Temp\1006169001\63500a1c2f.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 1180

C:\Users\Admin\AppData\Local\Temp\1006170001\984efb6da5.exe

"C:\Users\Admin\AppData\Local\Temp\1006170001\984efb6da5.exe"

C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"

Network

Country Destination Domain Proto

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 09:23

Reported

2024-11-14 09:26

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe"

Signatures

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe

"C:\Users\Admin\AppData\Local\Temp\1602395865ab78a9e84d8cd9b9b948d4be8e48573feb25e07f16ff3d8043d888.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | presticitpo.store | udp
US | 8.8.8.8:53 | crisiwarny.store | udp
US | 8.8.8.8:53 | fadehairucw.store | udp
US | 8.8.8.8:53 | thumbystriw.store | udp
US | 8.8.8.8:53 | necklacedmny.store | udp
US | 8.8.8.8:53 | founpiuer.store | udp
US | 8.8.8.8:53 | navygenerayk.store | udp
US | 8.8.8.8:53 | scriptyprefej.store | udp
US | 8.8.8.8:53 | steamcommunity.com | udp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
GB | 104.82.234.109:443 | steamcommunity.com | tcp
US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp
US | 8.8.8.8:53 | marshal-zhukov.com | udp
US | 172.67.160.80:443 | marshal-zhukov.com | tcp
US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 80.160.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp
US | 172.67.160.80:443 | marshal-zhukov.com | tcp
US | 172.67.160.80:443 | marshal-zhukov.com | tcp
US | 172.67.160.80:443 | marshal-zhukov.com | tcp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 172.67.160.80:443 | marshal-zhukov.com | tcp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp
US | 172.67.160.80:443 | marshal-zhukov.com | tcp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
RU | 185.215.113.16:80 | 185.215.113.16 | tcp
US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp
RU | 185.215.113.206:80 | 185.215.113.206 | tcp
US | 8.8.8.8:53 | 206.113.215.185.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp
US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp

Files

memory/4692-0-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-1-0x0000000076F64000-0x0000000076F66000-memory.dmp

memory/4692-2-0x0000000000961000-0x00000000009B9000-memory.dmp

memory/4692-3-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-4-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-5-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-6-0x0000000000961000-0x00000000009B9000-memory.dmp

memory/4692-7-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-8-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-9-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-10-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-11-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-12-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-13-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-14-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-15-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-16-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-23-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-29-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-32-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-34-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-33-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-31-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-30-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-28-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-27-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-25-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-26-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-24-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-39-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-45-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-44-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-47-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-49-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-46-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-43-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-41-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-40-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-42-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-38-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-37-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-35-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-36-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-50-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-52-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-53-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-51-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-48-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-56-0x00000000067D0000-0x0000000006E62000-memory.dmp

memory/4692-82-0x0000000000960000-0x0000000000C57000-memory.dmp

memory/4692-83-0x0000000000961000-0x00000000009B9000-memory.dmp