6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5

Resubmissions

22-05-2020 16:28

200522-ysyjrm8xj6 7

22-05-2020 16:15

200522-dvss5m5wps 7

Analysis

max time kernel
151s
max time network
141s
platform
windows7_x64
resource
win7v200430
submitted
22-05-2020 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe
Size

196KB
MD5

a0d418e31766effadc6a37e81ad21743
SHA1

9ec2753f1a123fcd42d95811e1f3b27547b215d0
SHA256

6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5
SHA512

f11160a126b865e561cd1fc99b5bf25a52bfb0be14fb709ba012a045b26f585456f7f55d2d0a3b5d754e1512771b89d768e40718589fc9c9a16b30c2a07dda74

Score

7^/10

spyware evasion trojan ransomware

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid process

1976 chrome.exe
1640 chrome.exe
1640 chrome.exe
1784 chrome.exe

pid	process
1976	chrome.exe
1640	chrome.exe
1640	chrome.exe
1784	chrome.exe

Modifies control panel 2 IoCs

evasion

Processes:

6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Control Panel\Desktop\WallpaperStyle = "2"	6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Control Panel\Desktop\TileWallpaper = "2"	6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

chrome.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	chrome.exe

Drops Chrome extension 3 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_metadata\computed_hashes.json	chrome.exe
File opened for modification	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp	chrome.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8220.319.1.2_0\_metadata\computed_hashes.json	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

pid process

1412 6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

pid	process
1412	6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

Suspicious use of WriteProcessMemory 1215 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1640 wrote to memory of 1576	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1576	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1576	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1620	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1620	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1620	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1984	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1976	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1976	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 1976	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe
PID 1640 wrote to memory of 540	1640	chrome.exe	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 0f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703091400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded31d000000010000001000000096f98b6e79a74810ce7d398a82f977780b000000010000000e000000430065007200740075006d0000000300000001000000140000006252dc40f71143a22fde9ef7348e064251b181182000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 1900000001000000100000000b6cd9778e41ad67fd6be0a6903710440300000001000000140000006252dc40f71143a22fde9ef7348e064251b181180b000000010000000e000000430065007200740075006d0000001d000000010000001000000096f98b6e79a74810ce7d398a82f977781400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded309000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad2000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	chrome.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1.jpg"	6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe

C:\Users\Admin\AppData\Local\Temp\6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe
"C:\Users\Admin\AppData\Local\Temp\6caa53b30e5a22779b159d7bdef67f66aea567b6f93360c3c79b6a2d5a37e9a5.bin.exe"
1⤵
- Modifies control panel
- Suspicious use of SetWindowsHookEx
- Sets desktop wallpaper using registry
PID:1412

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Ë÷Êé.txt
1⤵
PID:1824

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Checks whether UAC is enabled
- Drops Chrome extension
- Suspicious use of WriteProcessMemory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1640

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=81.0.4044.129 --initial-client-data=0xa4,0xa8,0xac,0x78,0xb0,0x7fef6c2bd28,0x7fef6c2bd38,0x7fef6c2bd48
2⤵
PID:1576

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1624 --on-initialized-event-handle=352 --parent-handle=356 /prefetch:6
2⤵
PID:1620

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2
2⤵
PID:1984

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1240 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
- Modifies system certificate store
PID:1976

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
2⤵
PID:540

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --instant-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
2⤵
PID:1060

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2436 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:992

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2580 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1300

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2680 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1744

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1100 --ignored=" --type=renderer " /prefetch:2
2⤵
PID:1964

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2216 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2424

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1464 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2444

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1312 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2460

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1304 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2484

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2580 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2576

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2584 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2616

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2644 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2696

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2916 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2716

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3028 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2784

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
2⤵
PID:2836

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
2⤵
PID:2924

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:1828

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2948 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2476

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2604 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2516

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2468 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2624

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2700 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2560

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
2⤵
PID:2644

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --no-sandbox --enable-audio-service-sandbox --mojo-platform-channel-handle=2380 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1784

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1296 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:3032

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2948 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:2092

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3508 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:1068

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2828 --ignored=" --type=renderer " /prefetch:8
2⤵
PID:544

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1012,10282444672584297297,6382721554083824378,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
2⤵
PID:2896

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Ë÷Êé.txt

Download Submit
\??\pipe\crashpad_1640_LWACGYYSVNPIUCBU

Download Submit
memory/540-72-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-209-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-207-0x000000000A0B0000-0x000000000A0C1000-memory.dmp

Filesize
68KB

Download
memory/540-6-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/540-118-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-117-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-116-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-115-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-114-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-113-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-112-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-111-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-110-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-109-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-108-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-107-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-106-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-105-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-104-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-103-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-102-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-101-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-100-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-99-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-98-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-97-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-96-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-95-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-94-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-93-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-92-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-91-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-90-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-89-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-88-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-87-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-86-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-85-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-84-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-83-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-82-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-81-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-80-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-79-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-78-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-77-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-76-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/540-75-0x000000000A0B0000-0x000000000A0C1000-memory.dmp

Filesize
68KB

Download
memory/540-74-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-58-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-40-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-68-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-69-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-70-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-66-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-65-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-64-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-63-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-62-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-61-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-60-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-59-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-67-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-57-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-56-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-55-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-54-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-53-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-52-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-51-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-50-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-49-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-48-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-47-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-46-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-45-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-44-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-43-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-42-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-41-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-10-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/1060-39-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-38-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-37-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-36-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-35-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-34-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-33-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-32-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-31-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-30-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-29-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-28-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1060-19-0x0000061100040000-0x0000061100041000-memory.dmp

Filesize
4KB

Download
memory/1060-26-0x0000000009CA0000-0x0000000009CB1000-memory.dmp

Filesize
68KB

Download
memory/1060-25-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1068-349-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/1300-17-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/1640-216-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-223-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-221-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-219-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-218-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-217-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-224-0x000000001C7D0000-0x000000001C7F3000-memory.dmp

Filesize
140KB

Download
memory/1640-278-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-215-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-213-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-147-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-211-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1640-210-0x000000001F5C0000-0x000000001F5D1000-memory.dmp

Filesize
68KB

Download
memory/1744-22-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/1828-250-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-248-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-276-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-275-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-274-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-273-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-272-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-271-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-270-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-269-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-268-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-267-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-266-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-265-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-264-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-263-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-262-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-261-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-260-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-259-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-258-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-257-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-256-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-255-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-254-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-253-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-252-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-251-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-233-0x0000000009DE0000-0x0000000009DF1000-memory.dmp

Filesize
68KB

Download
memory/1828-249-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-232-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-247-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-246-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-245-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-244-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-243-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-242-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-241-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-240-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-239-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-238-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-237-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-236-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-235-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1828-234-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1964-27-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/1984-1-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1984-2-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/1984-3-0x0000000077710000-0x0000000077711000-memory.dmp

Filesize
4KB

Download
memory/2092-346-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2424-121-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2444-124-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2476-280-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2484-130-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2516-283-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2560-289-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2576-133-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2616-135-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2624-286-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2644-308-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-318-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-292-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2644-297-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-339-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-338-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-337-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-336-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-335-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-334-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-333-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-332-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-331-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-330-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-329-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-328-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-327-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-326-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-325-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-324-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-323-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-322-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-321-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-320-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-319-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-296-0x00000000081F0000-0x0000000008201000-memory.dmp

Filesize
68KB

Download
memory/2644-317-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-316-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-315-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-314-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-313-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-312-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-311-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-310-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-309-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-298-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-307-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-306-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-305-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-304-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-303-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-302-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-301-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-300-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2644-299-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2696-139-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2716-142-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2784-145-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2836-153-0x0000000007DE0000-0x0000000007DF1000-memory.dmp

Filesize
68KB

Download
memory/2896-368-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-355-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2896-402-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-401-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-400-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-399-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-398-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-397-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-396-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-395-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-394-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-393-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-392-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-391-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-390-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-389-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-388-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-387-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-386-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-385-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-384-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-383-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-382-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-381-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-380-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-379-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-378-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-377-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-376-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-375-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-374-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-373-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-372-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-371-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-370-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-369-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-367-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-366-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-365-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-364-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-363-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-362-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-361-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-360-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2896-359-0x0000000008700000-0x0000000008711000-memory.dmp

Filesize
68KB

Download
memory/2924-182-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-184-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-203-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-161-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-202-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-201-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-200-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-199-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-198-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-197-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-196-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-195-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-205-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-194-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-193-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-192-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-191-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-190-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-189-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-188-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-187-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-186-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-185-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-204-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-183-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-156-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download
memory/2924-181-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-180-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-179-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-178-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-177-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-176-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-175-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-174-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-173-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-172-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-171-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-170-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-169-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-168-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-167-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-166-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-165-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-164-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-163-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2924-162-0x000000000A020000-0x000000000A031000-memory.dmp

Filesize
68KB

Download
memory/3032-343-0x000000013FCC0FC0-0x000000013FCC1110-memory.dmp

Filesize
336B

Download