Analysis Overview
Threat Level: Known bad
The file https://dropmefiles.com/UbQSy was found to be: Known bad.
Malicious Activity Summary
Echelon
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
Looks up external IP address via web service
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Program crash
Modifies registry class
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported: 2021-10-15 08:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2021-10-15 08:40
Reported: 2021-10-15 08:51
Platform: win10-en-20210920
Max time kernel: 661s
Max time network: 672s
Command Line
Signatures
Echelon
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\krnl\krnl_portable_bootstrapper.bin | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\svhost.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\shhost.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\krnl\dnSpy.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\krnl\dnSpy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\KrnlService.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\shhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Java.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://dropmefiles.com/UbQSy
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap10987:66:7zEvent29631
C:\Users\Admin\Desktop\krnl\dnSpy.exe
"C:\Users\Admin\Desktop\krnl\dnSpy.exe"
C:\Users\Admin\Desktop\krnl\krnl_portable_bootstrapper.bin
"C:\Users\Admin\Desktop\krnl\krnl_portable_bootstrapper.bin"
C:\Users\Admin\Desktop\krnl\krnl_portable_bootstrapper.bin
"C:\Users\Admin\Desktop\krnl\krnl_portable_bootstrapper.bin"
C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_console_bootstrapper.exe"
C:\Users\Admin\AppData\Local\Temp\KrnlService.exe
"C:\Users\Admin\AppData\Local\Temp\KrnlService.exe"
C:\Users\Admin\AppData\Local\Temp\svhost.exe
"C:\Users\Admin\AppData\Local\Temp\svhost.exe"
C:\Users\Admin\AppData\Local\Temp\shhost.exe
"C:\Users\Admin\AppData\Local\Temp\shhost.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 1268
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 2148
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Java" /tr '"C:\Users\Admin\AppData\Roaming\Java.exe"' & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp2307.tmp.bat""
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "Java" /tr '"C:\Users\Admin\AppData\Roaming\Java.exe"'
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Users\Admin\AppData\Roaming\Java.exe
"C:\Users\Admin\AppData\Roaming\Java.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap8098:58:7zEvent326 -ad -saa -- "C:\Users\Admin\Desktop\krnl"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff90f484f50,0x7ff90f484f60,0x7ff90f484f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1496,2720057790707508221,11717668513050829562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1500 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,2720057790707508221,11717668513050829562,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1912 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1496,2720057790707508221,11717668513050829562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 /prefetch:8
Network
Files
| MD5 | 8248dae04024364aec8b53ce0a292ec7 |
| SHA1 | 02d208a9641770565ba0b5cb670c02eb72cf4edd |
| SHA256 | d9108c34ce90cfe678a8151ff48ccb814f7865263b233176a27c4745344a1a3f |
| SHA512 | b65b492e9a110cb73135aa74e22626b53776784bad2966831125736706efb183e598f78175517150889cf42ddee1dfa4d79ce8d38474137df91dd185f1787fe3 |
C:\Users\Admin\Desktop\krnl\bin\WindowsBase.dll
| MD5 | e8674dbfceac4bc362c1f15cdc8fd2ef |
| SHA1 | d2c693cc121df0a69e5c1d1ab67a43123601f8e3 |
| SHA256 | 85812bc0cbe06a06ccdd20473155a5cfef31b1760767e29ea688457f2830ccc1 |
| SHA512 | c01d639a188e745a0c4e789598b60e99bf0ea0544ca9ebd6b12f3e158c0bbc1e164dd0aa274cadf4b1ea3c99254656d057dc36d9ee29904de0e021485e652fc1 |
\Users\Admin\Desktop\krnl\bin\PresentationCore.dll
| MD5 | 8248dae04024364aec8b53ce0a292ec7 |
| SHA1 | 02d208a9641770565ba0b5cb670c02eb72cf4edd |
| SHA256 | d9108c34ce90cfe678a8151ff48ccb814f7865263b233176a27c4745344a1a3f |
| SHA512 | b65b492e9a110cb73135aa74e22626b53776784bad2966831125736706efb183e598f78175517150889cf42ddee1dfa4d79ce8d38474137df91dd185f1787fe3 |
\Users\Admin\Desktop\krnl\bin\netstandard.dll
| MD5 | 349c39c3ff7dd2fb44d5fa3c5baf64c6 |
| SHA1 | b60d38ed5bcb35f66468a43dc4349dfa970b1c02 |
| SHA256 | 737d504f6fa742b23cf4149cd0384fdbdc929bc4231bdd0d7bd772ea9dd1805f |
| SHA512 | e63dd8f5e1392740a0e2228fcd88bba0392c5834ae2a3caa311e894b177623d636d12a5c0107f81f9b92e01fcdc75cbca287731eee4d136f73d1e9b6fca9bc0b |
C:\Users\Admin\Desktop\krnl\bin\netstandard.dll
| MD5 | 349c39c3ff7dd2fb44d5fa3c5baf64c6 |
| SHA1 | b60d38ed5bcb35f66468a43dc4349dfa970b1c02 |
| SHA256 | 737d504f6fa742b23cf4149cd0384fdbdc929bc4231bdd0d7bd772ea9dd1805f |
| SHA512 | e63dd8f5e1392740a0e2228fcd88bba0392c5834ae2a3caa311e894b177623d636d12a5c0107f81f9b92e01fcdc75cbca287731eee4d136f73d1e9b6fca9bc0b |
C:\Users\Admin\Desktop\krnl\bin\System.Diagnostics.Tracing.dll
| MD5 | 04e44e8deaf68d6285623287e6494209 |
| SHA1 | 060a22f69e413b47e6b0c2a8e9bf2f9b200c4575 |
| SHA256 | 474dabc74f78e89a40de5be362ca399de630400b46e7cb81c224692ebdbeed25 |
| SHA512 | 02bf3a560e4f10c1d2f208f16f03efc1cc7dbbdd8fcf875ef6040012663a1c6008331920ec62ccc09378f6337c8470e5b456566c4dbdb21478d079269df56ea1 |
C:\Users\Admin\Desktop\krnl\bin\dnSpy.Contracts.DnSpy.dll
| MD5 | 5897a5f8bb3fdbaea1f5d37f1a0137e5 |
| SHA1 | ad75c9397106112ae52dd1cb93899d81ea0c2d6b |
| SHA256 | a06639a52050f3d0f4644ccd55c7ba1572a7f63b5cf51067f8e9088f7cae2449 |
| SHA512 | 7f6567700efa2b8b01193e58992dbba714c21ba9e67896a39247335886c0f4e6a210d0023b6b7559c509131f83d99e2f16acbd08b0c4ad672b15582bfc234add |
\Users\Admin\Desktop\krnl\bin\WindowsBase.dll
| MD5 | e8674dbfceac4bc362c1f15cdc8fd2ef |
| SHA1 | d2c693cc121df0a69e5c1d1ab67a43123601f8e3 |
| SHA256 | 85812bc0cbe06a06ccdd20473155a5cfef31b1760767e29ea688457f2830ccc1 |
| SHA512 | c01d639a188e745a0c4e789598b60e99bf0ea0544ca9ebd6b12f3e158c0bbc1e164dd0aa274cadf4b1ea3c99254656d057dc36d9ee29904de0e021485e652fc1 |
C:\Users\Admin\Desktop\krnl\bin\mscorlib.dll
| MD5 | a029bd0904a2966373c1302b0e0324a9 |
| SHA1 | b01c81668917eb6b8566c1fe210fb300648d97ba |
| SHA256 | 2b3ead4f40779324d728c8970721b3af78f8085877e73e1ae163085515ed285a |
| SHA512 | 33e9deb58c0f1220b097a6be47f8b00696261e61d0a3910cbe871cb03240aaf4acfde2af9a9dbf38c1b9061246fffc9eefe6b036d0cba87f351182c367c9acf1 |
C:\Users\Admin\Desktop\krnl\bin\DirectWriteForwarder.dll
| MD5 | fe18b6ed4c63d18156217dc30f1482e5 |
| SHA1 | 1d1eccc4e03b086d49c453b4e5716e164892f006 |
| SHA256 | 1f1093930ebc3779f2d4659ed3a31fd05cfa1dbffc0f7575955cb28e7b990c64 |
| SHA512 | c5c6e64eb2ab0ef93f6d823e002f895333983f4d151ac7296c7de65e9fb8096502f8db3035ded3612fb9c6c99a8a1c09c81c3ff84dca7e1b5c5b803d10e36052 |
\Users\Admin\Desktop\krnl\bin\System.Runtime.InteropServices.dll
| MD5 | 48fb2d5f200c68a00ce0388770341478 |
| SHA1 | 7279cd97c3f7f4753629e21cb8234e4082b1f890 |
| SHA256 | 31286dd429d6588632adb78b514a0d9f8b8fc9ac2e88976d10f83d46cabdccb5 |
| SHA512 | e120bf83ca0bb6f91108d34839d88c23204e83b9805bac9bac3d08336132dbbd0c2b2012807d4ae1ebb1c5247d33cba4e2ba859ea45ed3f7517a0adbb1d3cdda |
C:\Users\Admin\Desktop\krnl\bin\System.Runtime.InteropServices.dll
| MD5 | 48fb2d5f200c68a00ce0388770341478 |
| SHA1 | 7279cd97c3f7f4753629e21cb8234e4082b1f890 |
| SHA256 | 31286dd429d6588632adb78b514a0d9f8b8fc9ac2e88976d10f83d46cabdccb5 |
| SHA512 | e120bf83ca0bb6f91108d34839d88c23204e83b9805bac9bac3d08336132dbbd0c2b2012807d4ae1ebb1c5247d33cba4e2ba859ea45ed3f7517a0adbb1d3cdda |
\Users\Admin\Desktop\krnl\bin\System.Runtime.Extensions.dll
| MD5 | 621f8acc3152f04a3fd9a901b08985e2 |
| SHA1 | 19e89c3f51c3d8048e1d2fe1de269f8906f291a4 |
| SHA256 | ddd7f16cf52c23b5953f67057bcddcc8fc7f11b32dfd93a1e3079fb0e81a56fb |
| SHA512 | 3b31121685825b9cab3e0def9b9549f9fc5580d240e3abe8058d65326d2cdd37b6cf9ceaabe2d56b66d91b283203c8fad518eb0de3a6b8c02afef23915bfb1f8 |
C:\Users\Admin\Desktop\krnl\bin\System.Runtime.Extensions.dll
| MD5 | 621f8acc3152f04a3fd9a901b08985e2 |
| SHA1 | 19e89c3f51c3d8048e1d2fe1de269f8906f291a4 |
| SHA256 | ddd7f16cf52c23b5953f67057bcddcc8fc7f11b32dfd93a1e3079fb0e81a56fb |
| SHA512 | 3b31121685825b9cab3e0def9b9549f9fc5580d240e3abe8058d65326d2cdd37b6cf9ceaabe2d56b66d91b283203c8fad518eb0de3a6b8c02afef23915bfb1f8 |
\Users\Admin\Desktop\krnl\bin\DirectWriteForwarder.dll
| MD5 | fe18b6ed4c63d18156217dc30f1482e5 |
| SHA1 | 1d1eccc4e03b086d49c453b4e5716e164892f006 |
| SHA256 | 1f1093930ebc3779f2d4659ed3a31fd05cfa1dbffc0f7575955cb28e7b990c64 |
| SHA512 | c5c6e64eb2ab0ef93f6d823e002f895333983f4d151ac7296c7de65e9fb8096502f8db3035ded3612fb9c6c99a8a1c09c81c3ff84dca7e1b5c5b803d10e36052 |